10G  gold  Falling  prices  are  pushing  demand  for  10G  prod¬ 
ucts  -  but  not  everyone  is  jumping  on  the  bandwagon.  PAGE  24 


New  voices  VoIP  services  from  the  likes  of  Vonage  and 

Skype  have  heavyweights  AT&T  and  MCI  scrambling.  PAGE  8 
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IDS  IN  THE  WILD:  TAKE  II 

IDSs  make  strides 
in  latest  testing 


AT&T  touts  tool 
to  map  IP  traffic 


■  BY  JOEL  SNYDER,  DAVID  NEWMAN  AND  RODNEY  THAYER, 
NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


Network  intrusion-detec¬ 
tion  systems  can  be 
highly  useful  additions 
to  your  enter¬ 
prise  security 
arsenal.They 
provide  unique 
visibility  into 
your  networks 
and  offer  pow¬ 
erful  forensics 
tools  that  help 
detect  how  and  when  your 
network  was  attacked. 

IDSs  are  not  for  every  net¬ 
work,  but  when  they  are 
deployed  in  the  right  place  at 
the  right  time,  and  monitored 
by  the  right  network  security 
professional,  they  are  the  right 
kind  of  product. 

Those  are  the  conclusions 
we  reached  based  on  tests  of 
five  IDS  products  handling 


live  Internet  traffic  for  60  days 
in  real-world  scenarios. 

We  tested  these  products  as 
we  did  last  year, 
in  front  of  multi¬ 
ple  live  networks 
that  were  open 
to  Internet 
attacks.  While 
last  year’s  testing 
centered  on  sim¬ 
ple  detection, 
we  went  beyond  that  this  year 
to  focus  on  specific  scenarios 
that  an  enterprise  security 
manager  could  encounter. 

We  found  that  while  false 
positives  are  still  a  problem, 
they  are  much  less  of  a  prob¬ 
lem  than  they  were  last  year, 
as  the  vendors  have  gotten 
better  at  managing  the  flood 
of  false  alarms. 

See  IDS,  page  47 
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■  BY  CAROLYN  DUFFY  MARSAN 

Researchers  at  AT&T  Labs  have  applied  leading- 
edge  statistical  techniques  to  create  what  they  say 
are  the  first  real-time  traffic  reports  for  IP  networks. 
This  breakthrough  is  the  final  piece  of  a  six-year 
effort  at  AT&T  Labs  to  find  a  way  to  provide  IP  net¬ 
work  management  that  is  on  par  with  that  of  the 
extremely  reliable  telephone  network. 

AT&T  has  coined  the  term  “tomo-gravity”  to 
describe  its  new  IP  traffic  measurement  technique. 
The  technique  combines  statistical  gravity  model¬ 
ing  with  computer-automated  tomography,  which  is 
the  CAT  in  a  medical  CAT  scan. The  result  is  better 
network  planning,  provisioning  and  troubleshoot¬ 
ing,  researchers  say 

“Without  the  traffic-matrix  computation,  network 
engineering  for  IP  networks  was  more  an  art  than  a 
science,”  says  Albert  Greenberg,  division  manager 
for  network  measurement  and  engineering  re¬ 
search  at  AT&T  Labs. “We’ve  been  knocking  off  dif- 


1 1 Without  the  traffic-matrix 
computation,  network  engineering 
for  IP  networks  was 
more  an  art  than  a 
science.  If 

Albert  Greenberg,  division 
manager  for  network 
measurement  and  engineering 
research,  AT &T  Labs 

ferent  pieces  of  [this  problem] _ This  is  the  miss¬ 

ing  piece  that  we  recently  discovered.” 

AT&T’s  tomo-gravity  software  plugs  SNMP  data 
into  equations  that  run  in  seconds  to  create  an 
accurate  picture  of  AT&T’s  IP  traffic.  The  reports 
provide  a  detailed  look  at  the  traffic  flowing  across 

See  AT&T,  page  12 


IBM  airs  ‘utility’  wares 

Focus  on  automating  storage,  server  setup. 


■  BY  DENI  CONNOR  AND 
DENISE  DUBIE 

IBM  last  week  continued  to  fill 
in  its  utility  computing  puzzle  by 
introducing  a  variety 
of  products,  services 
and  partnerships  all 
designed  to  let  com¬ 
panies  more  quickly 
deploy  and  more  effi¬ 
ciently  manage  data-center 
resources. 

The  company  is  aiming  to 
make  it  possible  for  corporate 
users  to  link  server,  storage  and 


network  gear  into  one  big,  har¬ 
monious  package  that  will  help 
them  adapt  more  quickly  to 
changing  business  demands. 
While  this  latest  technology  that 
IBM  is  rolling  out  as 
part  of  its  $10  billion 
initiative  isn’t 

groundbreaking,  it 
does  represent  incre¬ 
mental  steps  toward 
automating  data-center  systems 
and  virtualizing  resources. 

“It’s  going  to  be  a  long  cultural 
shift  for  IT  organizations  to  bring 
See  IBM,  page  16 


Start-ups 
push  storage 
with  a  twist 

■  BY  DENI  CONNOR 

A  handful  of  storage  start-ups 
art  developing  software  that  will 
let  users  guarantee  the  integrity, 
authenticity  and  rapid  accessi¬ 
bility  of  large  amounts  of  data  at 
a  fraction  of  the  cost  of  tradi¬ 
tional  storage  arrays. 

Cluster  File  Systems,  Panasas, 
Permabit  and  Reference  Inform¬ 
ation  Systems  (RIS)  are  among 
the  vendors  creating  software 
See  Storage,  page  70 


■  IBM  spells  out 
convergence  plan  for 
Domino,  WebSphere- 
based  collaboration 
offerings.  Page  15. 
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ing  Microsoft  Windows  Server  2003.  Do  more  with  less 


You’re  being  asked  to  do  more.  You're  being  asked  to  do  it  with  less.  Microsoft  Windows  Server  2003  is  designed 
to  help  you  manage  these  opposing  forces,  and  get  the  most  from  your  infrastructure  with  less  time,  money,  and 
Igassle.  New  servers  with  Windows  Server  2003  can  deliver  twice  the  performance  at  half  the  cost  of  existing 
ajvmdows  NT  4.0  Servers.  Now  that’s  doing  more  with  less.  Download  your  free  evaluation  copy  of  Windows 
K^ver  2003  at  microsoft.com/windowsserver2003  to  see  your  potential  gains.  Software  for  the  Agile  Business. 
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You  don’t  have  two  hours 


Eliminate  boundaries  and  you  create  opportunity.  At  Nortel  Networks,  we  transform  networks.  Removing  barriers  to  efficiency, 
productivity  and  growth.  Making  your  business  a  more  profitable  place,  nortelnetworks.com 
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IDS  IN  THE  WILD:  TAKE  II 


IDSs  make  strides  in  latest  testing 

Our  60-day,  "In  the  Wild”  test  of  five  IDS  products  shows  that  vendors  have  improved 
their  usefulness  with  the  addition  of  new  event  management  and  forensic  tools. 

Continued  on  Page  47  from  Page  1. 

Testers  outline  what  IDS  can  and  can't  be 
expected  to  do.  Page  48. 

Are  false  positives  still  a  problem  with  IDS? 

Page  50. 

Detailed  description  of  each  vendors'  IDS 
architecture.  Page  52. 
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A  user  with  an  ISDN  VPN  as  a  backup  to  his  leased  line  is  looking  for 
an  automated  testing  tool  so  he  doesn't  have  to  test  the  circuit  by 
hand.  Suggestions?  DocFinder:  8039 
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The  new  data  center  is  about  ways  to  control  and  consolidate  data,  to 
automate  servers  and  storage,  and  new  tools  to  maximize  your  net¬ 
work  through  virtualization.  Discover  them  all  at  The  New  Data  Center: 
Powering  the  Enterprise,  a  new  Network  World  Technology  Tour  event. 
Free  to  qualified  professionals.  DocFinder:  7534 
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Ballmer  pledges  security  push . . .  again 

■  Calling  Microsoft’s  most-recent  software  security  crisis  a  defin¬ 
ing  moment,  CEO  Steve  Ballmer  last  week  reiterated  the  compa¬ 
ny’s  vow  to  fix  what  is  broken.  Ballmer  repeated  promises  to 
improve  patching  tools,  including  a  single  site  to  download  patch¬ 
es,  fewer  installer  technologies  and  smaller  patches  with  fewer 
reboots.  The  improvements  will  come  in  mid-2004  along  with  an 
upgrade  to  Microsoft’s  Software  Update  Services  2.0,  which  will 
include  platforms  other  than  Windows,  including  Exchange, 
Office  and  SQL  Server.  Microsoft  also  will  extend  to  next  June 
security-patch  support  for  Windows  2000  Service  Pack  2  and 
Windows  NT  4.0  and  Workstation  Service  Pack  6a.  Ballmer  also 
said  the  network  perimeter  would  be  secured,  starting  with 
Windows  XP  Service  Pack  2. That  service  pack  is  expected  to  ship 
by  next  September  and  reduce  buffer-overrun  and  other  vulnera¬ 


Storage  sweethearts.  Setting  aside  their  fierce  rivalry  for  at  least 
the  moment,  EMC  and  IBM  last  week  said  they  will  exchange  APIs  in  an  effort  to 
make  it  easier  for  their  customers  to  manage  each  vendor’s  server  or  storage 
products. 

Poor  politics.  The  mouthpiece 
for  Sen.  Kit  Bond  (R-Mo.)  has  been  canned 
after  it  came  to  light  the  communications 
director  ran  a  political  Web  site  named 
for  the  tail  number  of  a  plane  that  crashed 
in  2000,  taking  the  life  of  the  state’s 
Democratic  governor,  according  to  an 
Associated  Press  report,  “The  actions  of 
a  member  of  my  staff  in  using  official 
computers  to  make  hurtful  personal  attacks 
on  public  servants  were  totally  unacceptable 
and  will  not  be  tolerated,"  Bond  said  in  a  statement. 


Sexy  technology.  It's  good  to  know 
that  the  millions  of  dollars  that  have  been  poured 
into  developing  text-messaging  technology  are  starting 
to  pay  off.  Word  came  last  week  from  one  provider 
that  the  “first  wireless  premium  text-messaging  campaign 
in  America"  was  a  success.  The  application:  voting  in 
the  7-week-long  "All  My  Children's"  Sexiest  Man  in  America 
Contest.  Some  2.5  million  votes  were  cast,  including  as 
many  as  60  in  a  week  by  a  few  impassioned  soap  fans.  > 
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bilities.  Windows  Server  2003  Service  Pack  1,  due  later  this  year, 


will  inspect  clients  for  malicious  code  before  allowing  them  to 
connect  to  the  network.  Microsoft  has  been  focusing  on  its 
Trustworthy  Computing  initiative  since  early  last  year,  but  bugs 
continue  to  plague  the  company’s  software. 

Probe  at  GA  costs  three  their  jobs 

■  Sanjay  Kumar,  Computer  Associates’ chairman  and  CEO,  has  requested  and  received 
the  resignations  of  three  senior  executives  in  response  to  preliminary  results  from  an 
internal  investigation  into  the  company’s  accounting.  The  results  determined  that  CA 
booked  revenue  from  some  sales  prematurely  during  its  fiscal  year,  ended  March  31, 
2000,  CA  said  in  a  statement.  As  a  result,  Ira  Zar,  CFO;  Lloyd  Silverstein,  senior  vice  presi¬ 
dent  of  finance;  and  David  Rivard, vice  president  of  finance,  resigned  from  the  company 
last  week.The  three  oversaw  the  company’s  sales  accounting  during  the  period  in  ques¬ 
tion.  The  investigation’s  initial  results  revealed  a  number  of  software  contracts  in  fiscal 
2000  that  appeared  to  have  been  signed  after  the  end  of  the  quarter  in  which  the  rev¬ 
enues  were  recognized.  The  revenue  should  have  been  recognized  in  the  quarter  in 
w'hich  the  contracts  were  signed. 

Battle  over  SiteFinder  continues 

ft  VeriSign  last  week  continued  to  butt  heads  with  the  Internet  Corporation  for 
\s  .igned  Names  and  Numbers  over  the  future  of  its  now-suspended  SiteFinder  service, 
.  'i  redirects  users  who  mistype  an  Internet  domain  name  ending  in  .com  or  .net  to 
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a  commercial  site  that  VeriSign  operates.  VeriSign  officials  held  a  press  briefing  to 
defend  SiteFinder, saying  the  service  does  not  threaten  the  Internet’s  security  or  stabil¬ 
ity.  While  acknowledging  that  SiteFinder  caused  problems  for  some  spam  filters, 
VeriSign  said  the  service  adheres  to  all  appropriate  standards  regarding  wildcard  or 
redirection  services  in  the  DNS.  ICANN  held  a  meeting  in  Washington,  D.C.,  to  discuss 
difficulties  SiteFinder  causes.  Critics  say  it  not  only  affects  spam  blockers  but  also  trig¬ 
gers  problems  for  blind  and  non-English-speaking  users  of  the  Intqjriet.  These  critics 
say  the  bigger  concern  is  that  some  ISPs  are  blocking  SiteFinder  with  homegrown  fixes 
that  might  lead  to  Internet  instability.  ICANN’s  Security  and  Stability  Advisory 
Committee  will  issue  a  formal  recommendation  about  whether  VeriSign  should  be 
allowed  to  relaunch  the  service. 

Bill  disputes  won't  hang  up  numbers 

■  The  Federal  Communications  Commission  last  week  issued  an  order  on  wireless 
number  portability  rules  that  says  wireless  service  providers  must  port  a  customer’s 
wireless  telephone  number  to  the  carrier  of  their  choice  even  if  they  have  an  out¬ 
standing  bill.  Wireless  service  providers,  including  Alltel,  AT&T  Wireless  Services, 
Cingular,  Nextel  and  Sprint,  were  behind  an  effort  to  hold  hostage  phone  numbers 
belonging  to  users  with  outstanding  bills.  The  industry  was  up  in  arms  over  the 
suggestion  that  a  business  customer  with  a  legitimate  billing  gripe  would  be  forced 
to  stay  with  a  carrier  until  that  billing  dispute  was  resolved.  The  order  also  says 
that  wireless  carriers  are  not  required  to  have  direct  network  interconnections  with¬ 
in  specific  areas  in  order  to  port  a  customer’s  wireless  phone  number.  If  wireless 
service  providers  “cannot  reach  an  agreement  on  the  terms  and  conditions  of  port¬ 
ing,  they  must  port  numbers  upon  receipt  of  a  valid  request,  with  no  conditions,” 
the  FCC  says. 


)11  your  own  Segway 

ckwell  built  himself  a  discount  Segway-like  scooter,  using  standard  off-the- 
aonents  and  a  200-line  application  he  wrote  in  C  -  for  about  half  the  price. 

<  re  some  drawbacks  -  such  as  the  ability  to  pitch  a  rider  face  first  onto  the 

Si  Read  more  at  u'u'iv.nu'fusion. com,  DocFinder:  8040. 


Emulex  snaps  up  Vixel 

■  Fibre  Channel  host  bus  adapter  vendor  Emulex  last  week  acquired  Vixel,  a  maker  of 
Fibre  Channel  switches,  for  $310  mill  ion.  Vixel’s  embedded  switching  products  will  be 
added  to  Emulex’s  host  bus  adapter  business.  Vixel  was  one  of  the  early  switch  manu¬ 
facturers,  but  fell  behind  Brocade  and  McData.  Earlier  this  year  there  also  was  consoli¬ 
dation  of  the  Fibre  Channel  switching  industry  when  Broadcom  acquired  Gadzoox. 
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Carriers  answer  VoIP  phone  threats 


■  BY  DENISE  PAPPALARDO 

Incumbent  long-distance  car¬ 
riers  insist  they  are  not  sitting 
idle  as  fledgling  voice-over-IP 
service  providers  skim  voice 
minutes  —  and  revenue  —  from 
their  networks. 

Skype  is  only  the  latest  broad¬ 
band  voice-over-IP  company  to 
create  a  buzz  by  offering  a  free 
alternative  to  traditional  tele¬ 
phone  services.  The  company 
says  about  1  million  people  have 
downloaded  its  peer-to-peer  soft¬ 
ware  that  lets  users  call  other 
Skype  users  without  cost. 

And  Skype  is  not  the  only  new 
game  in  town.  Broadband  VoIP 
service  providers  such  as  Vonage 
and  8x8  could  be  bigger  threats 
to  AT&T,  MCI  and  Sprint.  The 
heavyweights  for  years  have 
watched  voice-service  revenue 
drop  even  without  the  VoIP  com¬ 
petitors,  which  last  week  were 
encouraged  by  a  Minnesota 
court  ruling  that  could  lessen  reg¬ 
ulatory  burdens  on  them. 

AT&T  and  MCI  companies  are 
paying  close  attention  to  Vonage. 

They  do  not  seem  as  concerned 
about  Skype, which  requires  users 
to  download  software  and  does 
not  support  connectivity  to  the 
public  switched  telephone  net¬ 
work  (PSTN). 

“Everyone  is  watching  Vonage,” 
says  Tom  Valovic,  director  of  IP 
telephony  at  IDC.“It  has  that  dis¬ 
ruptive  potential  that  has  been 
talked  about  with  VoIP  for  many 
years.” 

Last  month,  Vonage  announced 
that  it  had  installed  50,000  access 
lines.The  company  offers  unlimit¬ 
ed  long-distance  and  local  calling 
for  $35  per  month.  The  attraction 
is  that  customers  still  can  use  their 
standard  telephone,  although  they 
are  required  to  install  a  device 
that  connects  to  a  RJ-45  tele¬ 
phone  jack.  Users  can  call  anyone 
anywhere  in  the  world. 

Even  though  its  traditional 
voice  revenue  could  be  in  jeop¬ 
ardy,  AT&T  sees  the  value  of  a 
1  roadband  VoIP  service. The  tele¬ 
com  giant  has  been  testing  a 
•  roadband  voice  service  with 

nnloyees.  And  while  MCI 
■  n't  say  if  it  is  readying  a  sim- 
fering,  the  carrier  is  taking 
'  tar, Sprint  is  mute  on  the 

v  me  of  the  incumbents 
o'  ening  their  broadband 

v  ’  f’ies,  their  competitors 
arc  •  iterating. 

Si  th  brainchild  of  the 


The  PSTN  is  far  from  dead 

More  businesses  and  consumers  are  expected  to 
continue  to  adopt  VoIP  services,  but  the  vast  majority 
of  calls  still  will  be  sent  over  the  PSTN. 
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people  who  developed  Kazaa, 
which  in  addition  to  being  a  pop¬ 
ular  file-swapping  system  has 
turned  into  a  major  security  and 
bandwidth  headache  for  network 
administrators.  It’s  not  clear 
whether  Skype  presents  similar 
issues,  but  one  thing  is  certain:  A 
lot  of  people  are  downloading 
the  software,  and  it’s  sending  traf¬ 


fic  via  Internet  that  would  have 
otherwise  traveled  over  the  PSTN. 

Another  company  in  the  same 
genre  as  Vonage  is  8x8,  which 
offers  its  Packet8  broadband  VoIP 
service  to  consumers  and  small 
businesses.  Packet8  service  starts 
at  $20  per  month  for  unlimited 
calling. 

Besides  the  fact  that  the  ser¬ 


vices  let  users  lower  their  month¬ 
ly  telephone  expenses,  these 
packages  are  truly  flat-rate.  When 
AT&T,  SBC  or  Verizon  offers  a  flat- 
rate  package,  users  see  a  handful 
of  service  fees  related  to  state  and 
federal  regulations  on  their 
monthly  invoice.  Until  recently 
Vonage  and  8x8  didn’t  have  to 
worry  about  these  regulations. 

California,  Minnesota  and  Wis¬ 
consin  are  trying  to  regulate  VoIP 
service  providers  as  traditional 
voice  carriers.  But  the  VoIP  side 
won  one  battle  in  Minnesota  last 
week  when  a  federal  court  put  an 
end  to  the  state’s  efforts  to  regu¬ 
late  Vonage  as  a  carrier  offering 
voice  over  a  circuit  switched  net¬ 
work  (see  www.nwfusion.com, 
DocFinder:8046). 

These  VoIP  services  are  more 
successful  than  previous  VoIP 
incarnations  because  they  let 
users  call  anyone  on  the  PSTN, 
While  all  Vonage  and  8x8  voice 
calls  are  initiated  over  an  IP  con¬ 
nection,  the  vast  majority  are  ter¬ 
minated  over  the  PSTN,  IDC’s 
Valovic  says. 


This  might  be  just  one  reason 
why  incumbents  are  taking  a  clos¬ 
er  look  at  these  alternative  ser¬ 
vice  offerings. 

AT&T  says  it  is  testing  a  broad¬ 
band  VoIP  service  that  it  might 
introduce  to  consumers.  The  car¬ 
rier  says  its  offering  is  not  in 
response  to  companies  such  as 
Skype  or  Vonage,  but  rather  is 
designed  to  offer  customers  more 
flexibility 

“We  have  our  own  game  plan," 
says  Joe  Aibinder,  director  of 
AT&T  voice-over-internet  services. 

AT&T  just  finished  an  employee 
trial  for  a  consumer  voice  service 
that  runs  over  an  IP  broadband 
connection.  Now  the  carrier  is  set¬ 
ting  up  an  external  trial  with  resi¬ 
dential  customers. 

“It’s  not  just  about  [plain  old 
telephone  service], but  the  poten¬ 
tial  to  support  new  features,”  he 
says.  AT&T’s  plan  is  not  to  simply 
introduce  a  service  that  could 
cost  less  than  the  company’s  tra¬ 
ditional  local  and  long-distance 
voice  packages.  Instead,  AT&T 
See  VoIP,  page  15 


Microsoft  SMS  2003  package  ready  to  go 


Management  buildup 

Microsoft  is  working  on  a  multi-year,  multi-stage  plan 
to  create  a  platform  for  managing  Windows  and 
Windows-based  applications. 


Sept  3  Microsoft  ships  Automated  Deployment  Services,  system 
imaging  technology. 

Oct  8:  System  Management  Server  2003,  a  software  distribution  tool,  | 
completed  with  release  set  for  Nov.  11. 

Mid-2004:  Microsoft  Operations  Manager  2004  expected  to  ship, 
followed  by  release  of  System  Center  1.0. 

2006:  Expected  release  of  “Orcas”  version  ofVisual  Studio.Net,  Long¬ 
horn  operating  system  and  fully  integrated  version  of  System  Center. 

\ _ 


■  BY  JOHN  FONTANA 

Microsoft  next  month  is  sched¬ 
uled  to  release  the  first  of  two 
management  tools  slated  to  play 
a  prominent  role  in  the  com¬ 
pany’s  strategy  to  develop  a  plat- 
form-wide  infrastructure  for  man¬ 
aging  Windows. 

The  final  code  of  System  Man¬ 
agement  Server  (SMS)  2003,  a 
software-distribution  tool,  will  be 
released  to  manufacturing  next 
week,  and  the  software  is  sched¬ 
uled  to  be  available  Nov.  1 1,  more 
than  a  year  behind  schedule. 
SMS  2003,  along  with  the  forth¬ 
coming  Microsoft  Operations 
Manager  (MOM)  2004,  eventu¬ 
ally  will  be  integrated  into  a  new 
product  called  System  Center 
that  will  be  a  key  element  of 
Microsoft’s  Dynamic  Systems 
Initiative  (DSI)  management 
plan,  the  company  says. 

MOM  2004,  an  event-  and  per¬ 
formance-monitoring  tool,  is 
scheduled  to  go  into  its  first  pub¬ 
lic  beta  by  year-end. 

Version  1.0  of  System  Center, 
which  will  let  SMS  and  MOM 
share  a  data  warehouse  and 
reporting  engine,  is  expected  to 
ship  in  the  middle  of  next  year, 


about  two  months  after  MOM 
2004.  Subsequent  System  Center 
releases  will  fuse  the  two  tools 
into  a  single  product  for  manag¬ 
ing  desktops,  laptops,  PDAs,  appli¬ 
cations  and  servers. 

DSI,  which  was  introduced  in 
March,  lays  out  a  platform  that 
supports  a  self-managing  Win¬ 
dows  environment.  The  environ¬ 
ment  is  built  around  applications 
that  communicate  their  manage 
ment  needs  to  a  network  using  an 


XML-based  technology  Microsoft 
is  developing  called  the  System 
Definition  Model  (SDM). 

Microsoft  has  committed  $1.7 
billion  in  research  and  develop¬ 
ment  this  fiscal  year  for  DSI-relat- 
ed  technologies  in  an  effort  to 
keep  pace  with  rivals  developing 
their  own  utility  computing  plat¬ 
forms  such  as  IBM,  Sun  and  HP 

“The  thing  about  any  of  these 
big  Microsoft  initiatives  is  that 
they  are  so  homogeneous  in 


that  the  focus  on  Windows 
only”  says  Mark  Ehr,  an  analyst 
with  Enterprise  Management 
Associates. 

To  blunt  some  of  the  criticism, 
Microsoft  last  week  unveiled  its 
MOM  Connector  Framework, 
which  will  support  bidirectional 
connections  of  MOM  to  manage¬ 
ment  platforms  such  as  IBM 
Tivoli,  Computer  Associates  Uni¬ 
center  and  Smarts.  Microsoft  also 
announced  three  management 
packs  that  plug  into  MOM  2004 
that  will  add  support  for  Web  ser¬ 
vices  management  capabilities. 
Actional,  Amberpoint  and  Com¬ 
puter  Associates  developed 
the  packs. 

“We  are  trying  to  focus  on  the 
entire  management  process 
starting  with  the  development  of 
applications,  through  deploy¬ 
ment  and  management,  includ¬ 
ing  end-user  feedback,"  says  Bob 
Muglia,  senior  vice  president  of 
Microsoft’s  Enterprise  Manage¬ 
ment  Division.  Muglia  says  the 
next  version  ofVisual  Studio.Net, 
code-named  Whidbey  and  ex¬ 
pected  to  go  into  beta  Oct.  27, 
will  include  some  modeling 
tools  to  build  SDM  features  into 
applications.  ■ 
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Shakeout  looms  over  SSL  remote-access  market 


■  BY  TIM  GREENE 

Security  vendor  NetScreen  Technologies’ 
acquisition  of  Neoteris  last  week  is  the  lat¬ 
est  sign  that  the  burgeoning  Secure  Sockets 
Layer  remote-access  equipment  market 
might  be  set  for  a  major  shakeout. 

The  $265  million  stock-and-cash  deal 
(see.  www.nwfusion.com,  DocFinder:  8044) 
raises  the  question  for  organizations  con¬ 
sidering  the  Web  browser-based  technolo¬ 
gy  of  whether  they  should  take  a  chance 
on  a  start-up  that  might  not  be  around  for 
much  longer,  wait  for  the  market  to  sort 
itself  out  or  go  to  a  more  established  net¬ 
work  equipment  maker  that  might  or  might 
not  have  SSL  products  ready. 

Gartner  counts  24  companies  selling 
products  in  the  SSL  remote-access  market, 
but  industry  watchers  figure  only  a  handful 
will  stick  it  out,  as  start-ups  burn  through 
funding  and  established  network  vendors 
pour  more  resources  into  it.  Those  that 
remain  will  share  what  Infonetics  Research 
projects  to  be  a  $1  billion  market  by  2006. 

“I  give  them  24  months,”  says  Zeus 
Kerravala,  an  analyst  with  The  Yankee 
Group,  referring  to  the  likely  fate  of  most 
SSL  remote-access  gear  newcomers.  One 
recent  casualty  was  U.K.-based  Aspelle, 
which  shut  down  its  operations  in  August, 
only  a  year  after  opening  shop  in  the  U.S. 

Among  those  fighting  to  survive,  expect  a 
frenzy  of  product  upgrades  as  vendors  try 
to  provide  a  common  set  of  desirable  fea¬ 
tures, such  as  ways  to  ensure  the  integrity  of 
remote  computers  and  to  streamline 
authentication  of  remote  end  users. 

Also  expect  the  network  industry’s 
biggest  names,  from  Check  Point  to  Cisco 
and  Nokia  to  Nortel,  to  step  up  their  efforts. 

NetScreen’s  acquisition  of  Neoteris,  con¬ 
sidered  an  industry  leader,  serves  to  com¬ 
plement  NetScreen’s  IP  Security  VPN  line 
with  SSL  remote-access  products. 

Cisco  says  it  will  announce  its  SSL 

Raising  questions 

Is  now  the  right  time  for  you  to  buy 
into  SSL  remote  technology?  Here  are 
a  few  questions  to  ask  first. 


•  Is  it  safe? 

If  you’ve  ever  given  out  your  credit  card 
number  or  banked  online,  you've  already 
trusted  it  Examine  how  well  vendors  protect 
remote  machines  and  what  management 
tools  they  offer. 

•  Why  not  stick  with  IP  Security? 

Using  SSL  remote  access  requires  no  remote 
clients  to  reach  Web-based  applications  and 
can  access  even  more  applications  with  the 
use  of  Java  and  Active  X  agents. Top  SSL 
vendors  now  offer  network-layer  access,  the 
same  access  that  IPSec  grants. 

•  Start-up  or  established  vendor? 

A  shakeout  has  begun  among  start-ups, 
while  established  network  players  are  getting 
their  SSL  stories  in  order. 


remote-access  plans  this  fall  and  that  it  has 
potential  start-up  customers  delaying  their 
decisions.  According  to  an  unpublished 
Yankee  Group  survey  of  248  IT  executives, 
the  top  option  for  an  SSL  remote-access 
vendor  is  Cisco,  even  though  it  doesn’t 
have  an  offering  yet,  Kerravala  says. 

While  start-ups  might  have  the  best  SSL 
remote-access  technology,  there  is  plenty  to 
be  said  for  going  with  a  more  established 
firm,  says  David  Thompson,  an  analyst  with 


■  BY  ANN  BEDNARZ 

BEA  Systems  this  week  is  expected  to 
unveil  software  for  securing  applica¬ 
tions  and  managing  user  access  across 
heterogeneous  legacy,  Web  and  applica¬ 
tion  platforms. 

WebLogic  Enterprise  Security  (WLES) 
addresses  a  problem  created  by  disparate 
silos  of  application  security  programming, 
says  George  Kassabgi,  vice  president  and 
general  manager  of  application  security 
infrastructure  at  BEA. 

When  software  developers  are  responsi¬ 
ble  for  coding  and  maintaining  security 
policies  for  individual  applications,  it 
inflates  the  cost  of  creating,  integrating  and 
administering  those  applications,  Kassabgi 
says.  As  companies  expose  more  data  to 
expanding  user  communities,  the  security 
burden  gets  heavier,  he  says. 

WLES  is  aimed  at  replacing  proprietary, 
application-specific  security  silos  with  a 
single  platform  for  managing  application 
security  The  new  product  is  designed  to 
work  in  conjunction  with  a  company’s 
existing  security  products. 

Analysts  agree  managing  users’  identities 
and  access  privileges  is  a  key  user  issue. 

“[Companies]  have  so  many  different 
platforms  and  application  architecture 
environments  they’ve  reached  a  complex¬ 
ity ‘tipping  point’ that  begs  for  some  kind  of 
order,”  says  Earl  Perkins,  a  vice  president  at 
Meta  Group. 

“None  of  the  systems  work  together,  there 
are  copious  legacy  solutions,  and  now 
everyone  wants  to  make  applications  and 
resources  easily  accessible  over  Web  ser¬ 
vices,”  says  Matthew  Kovar,  a  research 
director  at  The  Yankee  Group. 

BEA  is  not  the  first  infrastructure  software 
maker  to  venture  into  security  manage¬ 
ment,  of  course.  A  BEA  rival  on  the  appli¬ 
cation  server  front,  IBM  offers  a  suite  of 
identity,  access  and  privacy  management 
tools.  However,  the  two  companies  take  dif¬ 
ferent  approaches,  Perkins  says. 

IBM  is  building  its  own  identity  manage¬ 
ment  and  security  product  suite,  whereas 
BEA  is  focused  on  integrating  different 
security  components  at  an  application 
level. “IBM’s  solution  is  much  broader  and 
includes  elements  of  administration  and 


Meta  Group.  Vendors  such  as  Check  Point 
and  Cisco  are  likely  to  integrate  SSL 
remote-access  technology  with  their  other 
platforms  to  streamline  management  and 
keep  down  the  number  of  devices  in  the 
network,  he  says. 

Still,  buying  SSL  remote-access  gear  from 
a  start-up  now  —  even  if  the  company  gets 
acquired  or  goes  out  of  business  —  can  be 
justified,  says  Dave  Bailey,  senior  consul¬ 
tant,  global  IT  for  Imersys,  an  international 


Deployment  roadblock 

Network  executives  say  security 
concerns  are  slowing  technology 
implementations,  particularly 
remote  applications  (32.2%)  and 
e-business  applications  (26.6%). 

SOURCE:  NETWORK  WORLD  500  SURVEY 


management.  There  is  some  competition, 
but  it’s  deep  within  the  access-manage¬ 
ment  and  integration  product  lines,” 
Perkins  says. 

Nonetheless,  there  are  competitive  dri¬ 
vers  behind  WLES,  observers  say.  BEA 
needs  WLES  to  compete  with  the  security 
extensions  —  Access  Manager  and 
Identity  Manager  —  that  IBM  has  added  to 
its  WebSphere  platform,  says  John 
Pescatore,  a  vice  president  at  Gartner. 

Laura  Koetzle,  a  senior  analyst  at 
Forrester  Research,  agrees.  WLES  is  more 
about  keeping  existing  BEA  customers 


mining  and  building  materials  company  in 
Sandersville,  Ga.,  that  uses  Whale  Com¬ 
munications  SSL  equipment.  Bailey  need¬ 
ed  a  way  for  remote  users  to  access  corpo¬ 
rate  e-mail  servers  over  the  Internet. 
“[Whale]  had  this  mail  thing  down  to  aT 
and  we  had  it  up  and  running  within  a  day’ 
he  says. 

If  the  investment  is  for  $50,000  or  less  and 
the  product  lasts  three  years,  a  company 
can  get  its  money’s  worth,  he  says.  ■ 


happy  than  winning  over  new  platform 
customers."]  don’t  see  [WLES]  as  a  way  of 
expanding  BEAs  footprint,  but  rather  a  way 
of  making  sure  its  customer  base  doesn’t 
get  eaten  out  from  under  it  by  the  various 
platform  vendors,”  Koetzle  says. 

BEA  used  authorization  technology 
gained  in  its  January  acquisition  of 
CrossLogix  to  build  WLES.  The  new  itera¬ 
tion  features  a  Web  services-based  model 
that  lets  developers  delegate  certain  appli¬ 
cation-security  functions  —  such  as 
authentication  or  auditing  —  to  a  shared 
infrastructure,  rather  than  maintain  these 
functions  redundantly  within  individual 
applications. 

To  create  shared  security  services,  users 
can  abstract  existing  security  code  from  an 
application  and  turn  it  into  a  service  using 
BEA  tools.  Alternatively, WLES  includes  out- 
of-the-box  security  services  such  as 
authentication,  identity  assertion,  creden¬ 
tial  mapping,  rules-based  parametric 
authorization  and  auditing. 

BEA  says  WLES  will  be  available  later  this 
month,  priced  at  $10,000  per  CPU.  ■ 


Middleware. 
It’s  on  Broadway. 


BEA  tackles  application  security 


www.nwfusion.com  | 


10 


NetworkWorld 


10/13/03 


News 


Nortel  taps  SMB  installed  base  with  VoIP 

IP-enabled  Norstar,  new  IP  PBXs  are  on  tap. 


■  BY  PHIL  HOCHMUTH 

Nortel  last  week  unveiled  sev¬ 
eral  new  products  and  up¬ 
grades  aimed  at  letting  smaller 
companies  more  easily  add 
and  support  voice-over-IP  and 
convergence  applications. 

Nortel  announced  a  gateway 
for  IP-enabling  its  widely  used 
Norstar  phone  system  that 
could  help  small  them  take 
advantage  of  VoIP  without  re¬ 
quiring  them  to  swap  out  their 
PBXs.  It  also  released  a  new  ver¬ 
sion  of  its  Business  Communi¬ 
cations  Manager  (BCM),a  com¬ 
bined  IP  PBX,  router  and  fire¬ 
wall,  which  could  help  small 
and  midsize  firms  roll  out 
secure  converged  networks. 

The  Norstar  VoIP  gateway 
could  let  voice  travel  over  pri¬ 
vate  data  connections  by  adding 
up  to  three  H.323  VoIP  trunks  to  a 
Norstar  PBX.  The  gateway  also 
adds  quality  of  service  (QoS)  by 
prioritizing  packetized  voice 
before  sending  it  over  the  WAN. 
QoS  settings,  and  other  configu¬ 
ration  tasks,  can  be  made  on  the 
gateway  via  a  Web  browser. 

Testing  it  out 

IP-enabling  a  network  of 
Norstar  systems  could  be  a  large 
cost-saver  for  home  entertain¬ 
ment  retailer  Tweeter  Home  En¬ 
tertainment  Group.  The  Canton, 
Mass.,  company  runs  Norstar 
and  other  phone  systems  in  its 
170  stores  and  currently  is  trying 
out  the  Norstar  VoIP  gateway, 
according  to  Bill  Morrison,  the 
firm’s  CIO. 
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■  THIS  WEEK'S  QUESTION: 

Which  ISP  has  snapped 
up  two  route-control  com¬ 
panies  —  netVmg  and 
Sockeye  Networks  —  over 
past  couple  of  months? 

Supped?  Get  the  answer  online. 

kttwrt  W»rW  fusion  and  enter 

2M9  n  the  Search  box. 


For  the  little  guy 

Targeting  small  and  midsize 
firms,  Nortel  is  introducing 
new  VoIP  and  security  gear, 
including: 

•  A  new  version  of  Business 
Communications  Manager 
with  added  security  and 
management. 

•  A  VoIP  gateway  for  the 
Norstar  small-office  PBX. 

•  New  Conti vity  VPN/gateway 
offerings  for  smaller  shops. 


“We  do  a  ton  of  store-to-store 
calling,”  Morrison  says,  which 
usually  involves  employees 
checking  availability  and  pricing 
of  items  among  the  company’s 
170  stores. 

“The  cost  of  making  phone 
calls  is  going  down,  but  it’s  still 
not  free,”  he  says.“If  we  could  put 
those  [inter-store]  calls  over  our 
data  network,  it  could  save  us 
some  money’ 

Morrison  says  his  firm  is  in  the 
early  stages  of  evaluating  the 


product,  and  that  he  and  his  staff 
have  not  calculated  the  cost  sav¬ 
ings  VoIP  could  add. 

Nortel  introduced  the  Norstar 
phone  system  for  small  and 
midsize  companies  in  1994  and 
has  more  than  13  million  hand¬ 
sets  installed  worldwide,  ac¬ 
cording  to  The  Yankee  Group. 
Leveraging  this  installed  base 
could  help  Nortel  catch  up  to 
Cisco  in  the  enterprise  IP  tele¬ 
phony  market.  Cisco,  the  market 
leader  with  more  than  2  million 
IP  phones  installed,  last  week 
also  tried  to  entice  small  com¬ 
panies  by  introducing  a  new 
version  of  in  its  10S  router  oper¬ 
ating  system  with  call-control 
features  that  can  turn  Cisco 
routers  into  IP  PBXs  for  branch 
offices. 

3Com  also  competes  in  small- 
business  IP  telephony  with  its 
NBX  platform. The  company  last 
year  introduced  a  gateway  that 
lets  its  NBX  IP  PBX  work  with 
Nortel’s  Norstar  handsets  in  an 
effort  to  win  over  Nortel’s 
installed  base. 

New  features  in  Nortel’s  BCM 
3.5  include  tighter  integration 
with  Nortel’s  Succession  IP  PBXs 


for  large  companies.  This  will  let 
BCM  devices  be  integrated  into 
Succession  IP  PBX  dial  plans 
and  let  BCMs  share  user  direct¬ 
ory  and  moves/adds/changes 
databases  with  a  Succession 
IP  PBX. 

The  addition  of  Secure  Shell 
and  Secure  Sockets  Layer  sup¬ 
port  is  also  new  to  the  BCM. 
These  features  could  be  used 
to  encrypt  passwords  and 
other  management  traffic  in¬ 
volved  with  administering  and 
configuring  a  BCM.  A  browser- 
based  interface  for  managing 
BCMs  also  was  introduced, 
which  can  let  an  administrator 
access  the  BCM  from  any  PC 
with  a  browser. 

On  the  VoIP  applications 
front,  Nortel  announced  a  new 
version  of  its  unified  messaging 
software,  CallPilot  100/150.  The 
software  provides  a  voice  mail 
and  fax  management  platform 
that  can  integrate  with  Micro¬ 
soft  Outlook  and  IBM  Lotus  e- 
mail  servers  to  deliver  one  in¬ 
box  for  end  users.  The  scaled- 
down  version  of  CallPilot  sup¬ 
ports  up  to  300  voice/e-mail/fax 
mailboxes.  ■ 


Alcatel’s  IP  PBX  upgrade  includes 
cell  phone  support,  VLAN  management 


■  BY  PHIL  HOCHMUTH 

Alcatel  this  week  is  scheduled 
to  unveil  several  features  of  its  IP 
PBX  for  large  corporations  that 
will  tie  cell  phones  to  corporate 
IP  telephony  systems. 

Software  upgrades  to  the 
OmniPCX  Enterprise  will  let 
cell  phones  be  integrated  into 
the  IP  PBX.  Other  upgrades 
include  message  integration 
and  virtual  LAN  (VLAN)  man¬ 
agement  features. 

New  software  running  on  the 
OmniPCX  lets  it  integrate  cell 
phones  into  a  corporate  dial 
plan.  To  deploy  the  service,  a 
user’s  cell  phone  is  configured 
into  the  OmniPCX,  which  lets  the 
cell  phone  act  as  an  extension 
on  the  box.  Features  such  as  four¬ 
digit  dialing,  call  forwarding  and 
conference  calling  are  extended 
to  the  cell  phone  user. 

The  feature  also  lets  a  user 
have  one  number  that  rings  both 
his  desk  IP  phone  and  a  mobile 
phone.  Calls  to  a  cell  phone  also 


IP  PBX  meets  the 
cell  phone 

Among  the  new  features 
added  to  Alcatel’s  OmniPCX 
Enterprise  are: 

•  Integration  with  cell  phones,  so 
desk  and  mobile  phones  can 
share  extensions,  voice  mail  and 
other  features. 

•  A  new  Automatic  VLAN 
configuration  feature,  where  IP 
phones  are  configured  into  a 
default  network  segment. 

•  IMAP4  support  that  could  be 
used  to  integrate  voice  mail 
with  other  IP  applications. 

can  be  directed  to  a  corporate 
voice  mail  system,  letting  a  user 
have  one  mailbox  for  message 
retrieval. 

For  converged  network  man¬ 
agement,  Alcatel  also  has  added 
an  automatic  VLAN  registration 
feature  to  the  OmniPCX.  Pre¬ 
viously,  Alcatel  IP  phones  could 


register  themselves  on  a  network 
through  Dynamic  Host  Configur¬ 
ation  Protocol,  but  segmenting 
the  phone  into  aVLAN  had  to  be 
performed  by  a  technician.  The 
new  feature  lets  IP  phones  be 
moved  around  a  network  and 
configured  into  a  pre-defined 
VLAN. 

Experts  say  running  IP  voice 
over  a  VLAN  is  a  good  practice 
because  packetized  voice  run¬ 
ning  on  its  own  dedicated  sub¬ 
network  is  less  susceptible  to 
traffic  congestion  and  network 
attacks. 

Internet  Message  Access  Proto¬ 
col  4  support  also  has  been 
added  to  the  OmniPCX’s  unified 
messaging  platform. This  can  let 
users  of  Microsoft  Outlook,  IBM 
Lotus  Notes  or  Novell  Group- 
Wise  Web  clients  access  fax  and 
voice  mail  messages  from  a 
browser,  in  addition  to  e-mail. 
Deploying  fax  and  voice  mail 
access  from  a  Web  client 
requires  no  extra  client-side  soft¬ 
ware,  Alcatel  says.  ■ 


EDITORIAL  DIRECTOR:  JOHN  GALLANT 
EDITOR  IN  CHIEF:  JOHN  DIX 


■  NEWS 

EXECUTIVE  EDITOR,  NEWS:  BOB  BROWN 
ASSOCIATE  NEWS  EDITOR:  MICHAEL  COONEY 
ASSOCIATE  NEWS  EDITOR:  PAUL  MCNAMARA 

■  INFRASTRUCTURE 


SENIOR  EDITOR:  JOHN  FONTANA 
(303)  377-9057;  Fax:  (303)  377-9059 
SENIOR  EDITOR:  JOHN  COX 
(978)  834-0554;  Fax:  (978)  8344)558 
SENIOR  EDITOR:  DENI  CONNOR 
(512)  345-3850;  FAX:  (512)  345-3860 
SENIOR  EDITOR:  TIM  GREENE 
SENIOR  WRITER:  PHIL  HOCHMUTH 

■  NET.W0RKER 


MANAGING  EDITOR:  TONI  KISTNER.  (207)  8788246 

■  SERVICE  PROVIDERS 

SENIOR  EDITOR:  DENISE  PAPPALARDO. 

(703)  7687573 

MANAGING  EDITOR,  THE  EDGE:  JIM  DUFFY 

■  ENTERPRISE  APPLICATIONS 


SENIOR  EDITOR:  ELLEN  MESSMER, 

(941)  792-1061 

SENIOR  EDITOR:  CAROLYN  DUFFY  MARSAN, 

(703)  9178621;  Fax:  (703)  9178622 
SENIOR  EDITOR:  JENNIFER  MEARS, 

(608)  836-8490;  Fax:  (608)  8368491 

SENIOR  EDITOR:  ANN  BEDNARZ 

SENIOR  WRITER:  DENISE  DUBIE 

SENIOR  EDITOR:  CARA  GARRETSON,  (240)  2460098 

■  COPY  DESK/LAYOUT 

ASSISTANT  MANAGING  EDITOR:  RYAN  FRANCIS 

COPY  CHIEF:  BRETT  COUGH 

SENIOR  COPY  EDITOR:  JOHN  DOOLEY 

COPY  E0IT0RS:  GREG  CUSACK,  MONICA  HAMILTON 

■  ART 


DESIGN  DIRECTOR:  ROB  STAVE 
ART  DIRECTOR:  TOM  NORTON 
SENIOR  OESIGNER:  BRIAN  GA1DRY 
GRAPHIC  DESIGNER:  JACY  EDELMAN 

■FEATURES 


FUTURES  EDITOR:  NEAL  WEINBERG 

SENIOR  MANAGING  EDITOR,  FUTURES:  AMY  SCHURR 

OPINIONS  PAGE  EDITOR:  SUSAN  COLLINS 

■  REVIEWS 


TEST  ALLIANCE  DIRECTOR:  CHRISTINE  BURNS. 

(717)  243-3686 

SENIOR  REVIEWS  EDITOR:  &ITH  SHAW.  (508)  4908527 
TEST  ALLIANCE  PARTNERS:  JOEL  SNYDER.  Opus  One; 
JOHN  BASS.  Centennial  Networking  Labs;  BARRY 
NANCE,  independent  consultant;  THOMAS 
POWELL,  PINT,  Miercom;  THOMAS  HENDERSON. 
ExtremeLabs;  TRAVIS  BERKLEY.  University  ol 
Kansas,  DAVID  NEWMAN,  Network  Test; 
CHRISTINE  PEREY.  Perey  Research  St  Consulting; 
JEFFREY  FRITZ,  University  ol  California.  San 
Francisco:  JAMES  GASKIN. Gaskin  Computing 
Services.  MANDY  ANDRESS.  ArcSec.  GREG  GOD¬ 
DARD,  University  of  Florida 
CONTRIBUTING  EDITORS:  DANIEL  BRIERE.  MARK  GIBBS. 
JAMES  KOBIELUS.  MARK  MILLER 

■  NETWORK  WORLD  FUSION _ 


EXECUTIVE  EDITOR,  ONLINE:  ADAM  GAFFIN 
MANAGING  EDITOR:  MEUSSA  SHAW 
EVENTS  EDITOR:  SANDRA  CITTLEN 
MANAGING  EDITOR,  ONLINE  NEWS:  JEFF  CARUSO, 
(631)  584-5829 

MULTIMEDIA  EDITOR:  JASON  MESERVE 
0NUNE  COPY  CHIEF:  SHERYL  HODGE 
ONLINE  GRAPHIC  DESIGNER:  ZACH  SULLIVAN 

■  SIGNATURE  SERIES 

EDITOR:  BETH  SCHULTZ, 

(773)  283-0213;  Fax:  (773)  2880214 
EXECUTIVE  EDITOR:  JUUE  BOKT.  (970)  482-6454 
COPY  EDITOR:  BRETT  COUGH 

EDITORIAL  OPERATIONS  MANAGER:  t  HERYL  CRIVELLO 
OFFICE  MANAGER,  EDIIORIAL:  GLENNA  FASOLD 
EDITORIAL  OFFICE  A0MINIS1RAI0R:  PAT  JOSEFEK 
MAIN  PHONE  1 508)  460-3333 
E-MAIL-  first  name_last  narne@nww.com 


Face  it. ..worms,  viruses,  unexpected  traffic  surges,  they're  going  to  get  you.  And,  unfortunately,  security  systems  don't  identify  problems... until  the  damage  is  done.  And  as  we  all  know, 
it's  impossible  to  stay  functional  os  your  network  is  slowly  grinding  to  a  halt  or  worse. .  .shutting  down  entirely.  So  the  real  issue  is  network  uptime.  Imagine  a  network  system  so  intelligent,  if  can  quickly  identify 
the  difference  between  good  traffic  and  bad,  with  the  sophistication  to  immediately  throttle  down  and  control  specific  streams  of  traffic,  while  allowing  others  to  enter  and  flow  freely.  It's  a  new  way  of  dealing  with 
o  very  old  problem. .  .maintaining  performance  and  keeping  your  network  up. 
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Glowpoint 
branching 
out  into 
Webcasting 

■  BY  DENISE  PAPPALARDO 

Glowpoint,  known  until  last 
month  as  Wire  One  Technol¬ 
ogies, says  it  will  expand  beyond 
videoconferencing  services  and 
into  Webcasting  by  year-end. 

The  company,  which  earlier 
this  month  shed  its  videocon¬ 
ferencing  product  line  to  focus 
exclusively  on  services,  says  its 
Glowpoint  Webcasting  offering 
will  let  existing  videoconfer¬ 
encing  customers  set  up  on- 
demand  or  live  streaming- 
media  sessions  over  the  compa¬ 
ny’s  network. 

The  new  service  “acts  as  a 
physical,  operational  and  trans¬ 
action  gateway  between  confer¬ 
encing  and  streaming  net¬ 
works,”  says  Andrew  Davis,  man¬ 
aging  partner  at  Wainhouse 
Research. 

The  Glowpoint  network,  based 
on  capacity  leased  from  MCI, 
Qwest  and  others,  connects  1 1 
data  centers  across  the  U.S.The 
company  also  has  data  centers 
in  Canada,  Puerto  Rico,  England 
and  Japan. 

Customers  are  required  to 
have  H.323  videoconferencing 
gear  at  their  sites  that  is  available 
from  vendors  such  as  Polycom. 
Employees  need  only  a  browser 
to  access  the  Webcast. 

To  support  the  service,  Glow- 
point  provisions  symmetric  DSL 
ora  fractional T-l  connection, at 
$500  per  month  for  up  to  512K 
bit/sec. 

At  its  data  centers,  Glowpoint 
produces  and  transmits  cus¬ 
tomers’  videostreaming  content 
on  demand  or  live  for  events 
such  as  a  CEO’s  speech  to 
employees. 

The  company,  which  has  offer¬ 
ed  videoconferencing  services 
for  about  three  years,  will  charge 
for  its  Webcasting  service  based 
on  usage,  in  addition  to  the  flat 
network-connectivity  fee.  If  a 
customer  sets  up  a  30-minute 
saK  -  .urnng  video  to  be  trans¬ 
mitted  to  100  employees,  that 
user  will  pay  for  3,000  minutes 
of  use  Glowpoint  would  not 
reveal  the  per-minute  fee. 

But  the  service  provider  says 
customers  can  expect  cost  sav¬ 
ings  'I  at >out  50%  vs.  ISDN-based 
offerings  K 


AT&T 

continued  from  page  1 

AT&T’s  IP  network,  which  carries 
more  than  1  petabyte  —  or  1 ,000 
terabytes  —  of  data  each  day 

Similar  reports  on  traffic  vol¬ 
umes  and  patterns  are  used 
widely  in  capacity  planning  and 
management  of  telephone  and 
ATM  networks.  These  traffic 
reports  were  unavailable  for  IP 
networks  until  now  because  sci¬ 
entists  had  not  discovered  the 
equations  needed  for  the 
calculations. 

Estimating  traffic  demand  “is 
an  incredibly  important  prob¬ 
lem,  with  uses  in  network  plan¬ 
ning  and  provisioning,”  says 
James  Kurose,  a  professor  in  the 
department  of  computer  science 
at  the  University  of  Massachu¬ 
setts  Amherst.  “Telephone  net¬ 
works  have  used  such  informa- 


engineer  the  network  to  ensure 
that  there’s  no  impact  when  there 
is  any  type  of  preventative  main¬ 
tenance  or  failure,”  Greenberg 
says.“No  matter  what  hits  the  net¬ 
work  [our  corporate  customers] 
will  see  a  continuous  service.” 

AT&T  also  is  considering  using 
IP  traffic  reports  as  part  of  a  man¬ 
aged  service  for  enterprise 
customers. 

“If  you  look  at  any  enterprise 
network,  they  all  have  a  migra¬ 
tion  plan. . . .  It’s  just  the  nature  of 
networks  and  the  dynamics  of 
the  economy  Greenberg  says. 
“This  is  one  of  the  tools  that  can 
help  [a  company]  plan  and  run 
their  networks  and  migrate  from 
A  to  B.”  It  can  help  network  man¬ 
agers  make  good  decisions 
about  migrations,  and  it  can  help 
during  the  switchover  process. 

Corporate  IT  executives  are 
keen  on  the  idea  of  being  able  to 


so  it  has  been  impossible  to 
gather  this  information  until  now. 

“A  basic  traffic  matrix  would  be 
able  to  look  at  the  roads  and  not 
only  tell  you  all  the  people  who 
are  driving  right  now  between 
New  York  and  Orlando  but  how 
many  of  them  are  between  New 
York  and  Philadelphia,”  says 
Greenberg,  who  leads  the  team  of 
researchers  that  invented  tomo- 
gravity  “It  also  tells  you  all  the 
entrances  and  exits  for  all  the 
people  on  the  road.” 

The  tomo-gravity  software  uses 
information  that  is  readily  avail¬ 
able  for  IP  networks  —  the  num¬ 
ber  of  packets  across  particular 
links  and  the  configuration  data 
on  the  routers  —  to  extrapolate 
the  traffic  matrix. 

Routers  in  AT&T’s  IP  backbone 
count  packets  across  tens  of  thou¬ 
sands  of  links,  with  measure¬ 
ments  being  collected  every  5 


How  AT&Ts  tomo-gravity  software  works 


o 

Routers  in  AT&Ts  IP  backbone  count 
packets  across  tens  of  thousands  of 
links;  measurements  collected  using 
SNMP  at  5-minute  intervals.  Router 
configuration  data  also  Is  collected. 


© 

SNMP  and  router  con¬ 
figuration  data  are  entered 
into  the  tomo-gravity  software, 
which  uses  statistical  algorithms 
to  analyze  it. 


©  - 

In  seconds,  software  produces  a  spreadsheet 
—  called  a  traffic  matrix — that  lists  all 
backbone  routers  and  shows  how  much  data  is 
flowing  between  them.  Network  engineers  route 
around  outages  and  congestion. 


tion  extensively,  but  this  informa¬ 
tion  has  been  very  hard  to  get  for 
IP  networks.” 

Kurose  calls  AT&T’s  tomo-grav¬ 
ity  approach  “ingenious”  and  says 
it  estimates  traffic  “in  an  extreme¬ 
ly  computationally  efficient  way 
What’s  also  impressive  are  the  val¬ 
idation  results  that  they’ve  shown 
in  an  operational  network.” 

AT&T  says  it  will  run  daily  IP 
traffic  reports  as  part  of  its  stan¬ 
dard  network  operations  by 
year-end. 

For  AT&T’s  corporate  cus¬ 
tomers,  the  IP  traffic  reports 
should  translate  into  better  relia¬ 
bility  for  AT&T’s  IP  services,  com¬ 
pany  officials  say  These  reports 
are  designed  to  help  AT&T  route 
around  congestion,  failures  and 
scheduled  maintenance  using 
real-time  traffic  data  instead  of 
estimations  that  often  proved 
inaccurate. 

With  an  accurate  picture  of  its 
IP  traffic,  AT&T  will  be  able  “to 


buy  IP  services  with  better 
underlying  network  engineering. 

“If  AT&T  is  saying  that  they  can 
make  their  IP  network  more 
intelligent  .  .  .  that  would  be  a 
potential  benefit,”  says  Jay 
Woloszynski,  vice  president  of 
shared  technology  services  and 
CTO  of  Oxford  Health  Plans,  a 
Connecticut  healthcare  com¬ 
pany  “If  they  can  do  it  without 
serious  overhead,  it  sounds  very 
interesting.” 

The  tomo-gravity  software  pro¬ 
duces  what’s  called  a  traffic 
matrix  for  an  IP  network. 

A  traffic  matrix  tells  network 
engineers  not  only  the  volume  of 
traffic  on  major  backbone  routes 
but  also  the  source  and  destina¬ 
tion  of  all  the  packets  on  the  net¬ 
work.  Traffic  matrices  are  avail¬ 
able  for  the  public  switched  tele¬ 
phone  network  and  ATM  net¬ 
works,  which  are  both  connec¬ 
tion-oriented  networks.  However, 
IP  networks  are  connection-less. 


minutes  using  SNMP  Network 
operators  also  collect  configura¬ 
tion  data  on  all  the  routers  in 
AT&T’s  IP  backbone. 

“We  already  collected  these  two 
pieces  of  data  .  .  .  but  we  didn’t 
know  how  to  put  them  together 
until  recently’ Greenberg  says. 

To  arrive  at  the  tomo-gravity 
approach,  AT&T  researchers  first 
used  gravity  modeling,  which  is  a 
standard  statistical  approach  for 
analyzing  data.  They  refined  the 
gravity  modeling  and  combined 
it  with  tomography  —  also  used 
in  brain  and  Sun  imaging  — 
which  let  them  use  all  the  data 
they  needed  to  calculate  an 
accurate  traffic  matrix. 

The  AT&T  researchers  then 
automated  this  process  by  creat¬ 
ing  software  that  crunches 
through  huge  volumes  of  SNMP 
data  and  produces  a  spreadsheet 
that  lists  the  amount  of  data  flow¬ 
ing  between  each  of  the  routers 
on  the  network.  AT&Ts  tomo-grav¬ 


ity  software  runs  on  a  standard 
laptop  and  takes  only  seconds  to 
produce  an  IP  traffic  matrix. 

Researchers  at  the  lab  are  train¬ 
ing  the  company’s  network  oper¬ 
ations  staff  to  use  the  tomo-grav¬ 
ity  software  to  output  regular  IP 
traffic  matrices.  AT&T’s  network 
operations  staff  will  use  IP  traffic 
matrices  daily  to  predict  traffic 
under  planned  or  unexpected 
router  or  link  failures,  to  forecast 
future  network  requirements,  to 
optimize  routes  and  to  minimize 
congestion. 

The  researchers  invented 
tomo-gravity  a  year  ago,  but  they 
first  presented  it  at  two  network 
engineering  conferences  this 
summer.  The  researchers  have 
tested  the  software  for  a  year,  get¬ 
ting  it  ready  to  move  out  of  the 
labs  and  into  production  use. 

AT&T  funded  the  tomo-gravity 
research  internally  and  a  team  of 
four  engineers  worked  on  it. 

The  labs’  six-year  research  effort 
was  designed  to  create  automat¬ 
ed,  scientific  tools  for  conducting 
network  engineering  on  IP  net¬ 
works.  The  team  tackled  three 
problems:  identifying  the  topol¬ 
ogy  of  IP  networks,  optimizing 
routing  on  IP  networks  and  creat¬ 
ing  a  traffic  matrix  for  IP  networks. 
The  tomo-gravity  approach  solved 
the  last  of  these  three  problems. 

AT&T’s  tomo-gravity  software  is 
“very  good  at  giving  conservative 
and  reliable  estimates  of  IP  traf¬ 
fic,"  says  David  Donoho,  a  profes¬ 
sor  of  statistics  at  Stanford 
University  in  Palo  Alto. 

Donoho  helped  AT&T  research¬ 
ers  understand  and  refine  the  sta¬ 
tistical  techniques  that  the  tomo- 
gravity  software  uses  to  generate 
its  speedy  and  accurate  results. 
The  challenge  of  creating  an  IP 
traffic  matrix  is  similar  to  other 
problems  Donoho  has  studied, 
such  as  brain  imaging,  where  rel¬ 
atively  little  data  is  available  to 
answer  questions. 

“I  heard  about  what  AT&T  was 
doing  [with  tomo-gravity]  and  I 
said:  ‘Gee,  did  you  recognize  that 
there  is  an  information  theory 
way  to  view  this  problem?’”  Don¬ 
oho  says. 

Next  for  the  tomo-gravity  re¬ 
searchers  is  developing  ways  to 
gather  better  network  traffic  data 
from  routers  and  network  probes. 

“If  we  could  redo  what  the  line 
cards  and  routers  are  able  to 
measure,  then  we  can  do  better 
than  SNMP  data,”  Greenberg  says. 
“We’d  get  more  refined  measure¬ 
ments, and  we  could  engineer  the 
IP  network  better* 
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\  Services.  So  start  moving  to  IP  without  the  heavy  lifting 

at  avaya.com/iptelephony.  Or  call  866-GO  AVAYA  today. 
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Only  Avocent  gives  you  complete  Click  and  Connect™ 
control  of  your  data  center  —  all  from  a  single  screen 
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Now  you  can  see  what’s  really  happening  in  your  data  center.  Avocent’s  l)S  Series  lets 
you  access,  maintain  and  troubleshoot  all  your  servers  and  serial  dev  ices  over  IP  -  no 
matter  where  you  are,  even  over  a  browser.  Authenticate  once  and  control  it  all. 

Get  real,  get  the  best  KVM  ()VEI\  IP  solution  available  today.  The  Avocent  I)S  Series. 
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IBM  puts  Domino  users  on  path  to  WebSphere 


■  BY  JOHN  FONTANA 

After  years  of  rumors,  Lotus’  Domino  plat¬ 
form  now  is  going  to  be  melded  with  IBM’s 
next-generation  WebSphere  collaboration 
and  messaging  platform. Company  officials 
said  last  week  that  the  parallel  develop¬ 
ment  tracks  of  Domino  and  the  new  Lotus 
Workplace, a  platform  for  collaboration  ser¬ 
vices  built  on  Java  2  Platform  Enterprise 
Edition  and  relational  databases,  will 
merge  sometime  in  2005. 

While  the  convergence  might  happen 
fast,  Lotus  says  migrations  to  Workplace 
will  happen  as  part  of  a  natural  evolution 
of  Domino  and  that  Domino  will  be 
around  for  years  to  come.  Users,  however, 
will  have  to  become  familiar  with  IBM’s 
WebSphere  product  family  which  supports 
Workplace,  and  Java  development.  They 
also  likely  will  have  to  retool  portions  of 
Domino  applications  to  make  the  transi¬ 
tion  successfully 

“The  important  change  is  that  now  the 
two  are  on  a  deliberate  path  of  conver¬ 
gence,  the  current  Domino  platform  and 
the  next-generation  Workplace,”  says  Ken 
Bisconti,  vice  president  of  Lotus  Work¬ 
place  products.  “Sometime  within  the 
magic  date  of  2005,  across  the  entire  port¬ 
folio  we  will  have  reached  functional  par¬ 
ity  between  the  current  software  [Domi¬ 
no]  and  the  second-generation  [collabo¬ 
rative]  components.” 

Those  components  include  messaging, 
personal  calendar  and  address  books, 
team  spaces,  instant  messaging,  Web  con¬ 
ferencing  and  e-learning.  And  they  fit  into 
the  company’s  On-Demand  and  identity- 
management  strategy  because  users  can 
activate  components  on  an  as-needed 
basis  and  tightly  define  access  control  per 
component. 

Convergence  is  an  announcement  users 
have  awaited. 

“We  knew  it  was  coming  eventually’ says 
Scott  Wenzel,  a  Notes  administrator  for  a 
federal  agency  and  creator  of  several  un¬ 
official  Lotus  Web  sites.  “We  have  been 
hearing  this  convergence  story  for  five 
years,  and  now  they  are  finally  telling  us 


up 

Only  one-third  of  the  Domino 
installed  base,  which  counts 
more  than 

100  million 

users,  also  runs  IBM’s 
WebSphere  platform,  according 
to  company  officials. 


how  it  will  work.” 

Users  haven’t  always  been  receptive  to 
WebSphere-inspired  changes.  Two  years 
ago,  Lotus  created  an  uproar  when  it  pulled 
J2EE  technology  out  of  Domino.  Users  at 
the  time  said  it  was  a  message  to  get  on 
WebSphere  or  be  left  behind. 

Analysts  say  convergence  could  bring 
another  rocky  transition  period  for  IBM 
and  users,  but  that  the  strategy  is  on  the 
right  track. 

Despite  the  convergence,  Bisconti  says  he 
doesn’t  expect  the  end  of  life  for  Domino 
anytime  soon  “We  will  continue  to  invest  in 
Domino,  and  it  will  have  a  long  life  as  a 
rapid  development  environment,”  he  says. 
But  Bisconti  also  says  the  key  area  of 
investment  will  be  to  make  Domino’s  col¬ 
laborative  features  compatible  with  more- 
modern  architectures. 

“We  are  evolving  to  a  service-oriented 
platform,”  he  says. 

That  means  a  set  of  collaboration  com¬ 
ponents  that  run  on  a  J2EE  platform  and 
can  be  accessed  through  a  portal,  which  is 
the  foundation  of  Lotus  Workplace. 

Bisconti  says  within  that  strategy  Domino 
will  become  a  component  ofWorkplace.lt 
won’t  be  rewritten  on  J2EE,  but  rather 
Domino  applications  and  functions  even¬ 
tually  will  be  available  through  the  portal 
to  various  clients. 

Lotus  plans  to  have  five  client  options  for 
Workplace:  the  Notes  client, a  Web  browser, 
Microsoft  Office, mobile  devices  and  a  Java 
client  being  built  on  the  Eclipse  platform. 

Bisconti  says  the  convergence  will  be  a 
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plans  to  bundle  features  such  as  personal 
voice  conferencing  that  aren’t  available 
with  POTS. 

“Vonage  is  a  vendor  that  a  lot  of  people 
have  noticed,  including  us,”  Aibinder  says. 
"But  we  have  our  own  objectives.  Every¬ 
one  needs  to  find  alternative  service 
opportunities.” 

Although  Sprint  declined  to  comment  on 
the  topic,  MCI  also  is  looking  at  the  broad¬ 
band  VoIP  market. 

“I  don’t  want  to  take  anything  away  from 
the  Vonage  folks;  it’s  a  really  good  service. 
But  we  want  to  offer  our  customers  a  reli¬ 


able  service  that  works,”  says  Vinton  Cerf, 
long-time  Internet  activist  and  chief  scien¬ 
tist  at  MCI. 

Broadband  VoIP  presents  a  host  of 
options  that  traditional  telephony  does 
not, he  says.  For  example, customers  will  be 
able  to  use  tools  similar  to  AOL  Instant 
Messenger  to  set  up  and  tear  down  calls, 
he  says. 

“There  is  a  lot  of  interest  on  the  consumer 
side,  but  the  question  is  whether  all  parts 
are  there  for  literally  a  mass-market  ser¬ 
vice,”  Cerf  says.  “We  want  to  do  due  dili¬ 
gence  to  understand  all  of  the  service 
requirements.  We  need  to  be  sure  [quality 
of  service]  comes  out  on  top  right  from  the 
start.”  ■ 


natural  byproduct  of  Notes  and  Domino 
evolution  as  upgrades  to  the  platform  intro¬ 
duce  the  core  tenets  of  Workplace. 

“As  people  go  to  6.0, 6.5  and  beyond,  they 
are  rolling  out  Workplace:  Notes  with 
instant-messaging,  integration,  a  DB2  back¬ 
end,”  Bisconti  says. 

Just  last  month  with  the  release  of  Notes/ 
Domino  6.5,  Lotus  integrated  instant  mes¬ 
saging  directly  into  Notes,  which  eliminates 
the  need  for  a  separate  instant-messaging 
client.  This  shows  how  collaborative  fea¬ 
tures  can  be  added  to  existing  client  soft¬ 
ware.  Earlier  this  year,  Lotus  released 
Workplace  Messaging,  an  e-mail  engine 
and  the  first  Workplace  component. 

Analysts  say  this  slow  merge  from  the 
Domino  track  to  Workplace  won’t  be  with¬ 
out  questions. 

“To  a  certain  extent,  IBM  is  in  a  difficult 
space  for  the  next  18  months  to  two 
years,” says  Matt  Cain,  an  analyst  with  Meta 
Group. “Future  investment  in  Domino  will 
focus  on  integrating  it  into  Workplace.  It’s 
a  murky  transition  area  where  they  wind 
down  investment  in  Domino  as  a  stand¬ 
alone  platform,  yet  the  whole  Workplace 
environment  on  WebSphere  is  not  fully 
baked.”  Cain  says  users  who  license 
Domino  in  this  time  frame  should  ask  if 
they  will  get  the  rights  to  run  it  on  either 
platform. 

He  adds,  however,  that  convergence  is  a 
good  idea  and  should  have  happened  out 
of  the  gate.“Domino  should  be  on  an  enter¬ 
prise  scale  and  keep  up  with  modern 
architectures,”  he  says. 

Other  observers  agree  convergence  is 
good,  but  that  it  will  leave  the  Domino 
faithful  with  some  questions  to  answer. 

“This  extends  the  life  of  Domino  applica¬ 
tions  and  data,  but  I’m  not  so  sure  it 


extends  the  life  of  the  internal  developers, 
corporate  managers  and  third-party  [inde¬ 
pendent  software  vendors]  whose  skill  sets 
are  Domino,”  says  David  Marshak,  an  ana¬ 
lyst  with  Patricia  Seybold  Group. 

He  says  the  big  picture  is  not  an  evolu¬ 
tion  of  the  old  Domino  infrastructure  into 
a  new  one,  but  a  move  to  separate  the  pre¬ 
sentation  of  data  from  the  back-end  data 
source  so  the  data  and  the  logic  can  be 
built  into  portlets  that  are  exposed  on 
WebSphere  Portal  server. 

“There  is  a  lot  of  information  and  data  in 
Domino  databases,”  Marshak  says.  “The 
Domino  applications  may  be  old,  but  you 
can  use  the  new  portal  access,  including 
the  user  interface,  the  logic  and  the  work- 
flow,  to  get  at  that  Domino  data.  IBM  is  try¬ 
ing  to  show  that  the  portal  interface  is  a 
strong  personal  productivity  model.” 

IBM/Lotus  will  be  aggressive  in  pushing 
the  portal  interface  to  present  all  types  of 
data,  Lotus’  Bisconti  says.  Next  year, 
IBM/Lotus  will  introduce  access  to 
Domino  through  portlets,  including  a 
technology  called  Reverse  Proxy  Portlets 
that  will  provide  access  to  the  logic  and 
user  interface  of  Domino  applications. 

Absent  from  the  convergence  message, 
however,  was  talk  about  contextual  col¬ 
laboration,  a  concept  for  building  client 
access  to  collaborative  components  from 
within  other  applications  such  as  CRM. 
Both  Lotus  and  rival  Microsoft  have  been 
touting  the  concept  for  nearly  two  years. 

“1  think  this  convergence  might  be  the 
first  phase,”  Meta’s  Cain  says.  “The  focus 
now  is  on  resolving  migration  with 
Domino,  but  once  that  is  solved  they  may 
turn  back  to  creating  an  environment 
where  you  can  embed  components  within 
applications.”* 
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all  their  systems  together,  and 
adding  pieces  along  the  way 
could  make  the  most  sense  for 
cost-conscious  enterprise  compa¬ 
nies,”  says  Glenn  O’Donnell,  a 
research  director  at  Meta  Group. 
Visibility  into  the  mainframe  and 
automation  across  that  platform 
and  other  distributed  platforms 
could  help  enterprise  network 
managers  get  a  better  handle  on 
the  storage  capacity  they  have, 
and  storage  virtualization  could 
provide  the  tools  to  bring  all  that 
capacity  into  one  shared  re¬ 
source  pool. 


The  plans  rely  heavily  on  IBM’s 
autonomic  computing  technolo¬ 
gies,  which  are  part  its  on- 
demand  initiative  that  proposes 
to  make  network,  server,  storage 
and  other  resources  available  on 
an  as-needed  basis. 

Big  Blue,  along  with  HP 
Microsoft,  Sun  and  others  in  the 
past  year  announced  utility  com¬ 
puting  initiatives  promising  to 
reduce  costs,  pool  resources, 
increase  efficiencies  across  data 
centers  and  better  align  critical 
business  services  with  IT  infra¬ 
structure.  That  includes  legacy 
systems. 

That’s  what  IBM  has  in  mind 
with  Storage  Tank,  which  links 


Data-center  motivation 

In  a  recent  survey,  IT  managers  said  cost  cuts  and 
performance  gains  are  the  leading  drivers  to  adopt  new 
data  center  automation  technologies. 

Utility  computing  Virtualization 


Greater  flexibility  in  assigning  IT  resources 
Increased  business  agility 
■  Increased  performance/service  levels 
Increased  utilization  rates 


■  Reduction  of  capital  costs 

■  Reduction  of  data-center  floorspace 

■  Reduction  of  IT  staffing  costs 


The  company  announced: 

•  The  TotalStorage  SAN  File 
System  —  code-named  Storage 
Tank  and  set  to  be  available  next 
month  starting  at  $90,000  —  a 
software  and  hardware  package 
that  will  let  customers  allocate 
storage  to  particular  applications 
and  provision  servers. 

•  A  partnership  with  Cisco  to 
develop  standards  that  would  let 
software  from  IBM  and  poten¬ 
tially  others  discover  configura¬ 
tion  errors  on  Cisco  gear,  and 
automatically  reconfigure  and/or 
provision  new  gear  to  accommo¬ 
date  a  spike  in  demand. 

•  The  IBM  Web  Infrastructure 
Orchestration  package,  which 
unites  the  company’s  WebSphere, 
;  '2  ■  Litabase  and  Tivoli  Storage 
Manager  with  its  BladeCenter 
ser  ‘  rs  and  is  controlled  and 
managed  by  Tivoli  Intelligent 
TiiinkPynainic  Orchestrator  pol- 
ic  !  a.  .*•<'  software. Orchestrator  is 
embedded  n  the  blade  servers 
am  can  shift  resources  among 
packaged  items  as  needed. 


previously  isolated  server  and 
storage  units  so  large  amounts  of 
data  can  be  accessed,  stored  and 
managed.  Once  virtualized,  this 
pool  of  data  can  be  automatically 
allocated  or  migrated  to  other  sys¬ 
tems  as  needed.  Data,  no  matter 
where  it  resides  or  what  operating 
system  it  runs  on,  looks  as  if  it  is 
part  of  a  local  file  system. 

“The  SAN  File  System  is  one  of 
the  basic  foundation  technolo¬ 
gies  for  utility  computing,”  says 
Jamie  Gruener,  a  senior  analyst 
with  The  Yankee  Group.  “The  bot¬ 
tom  line  looking  ahead,  and  one 
of  the  core  things  any  vendor  has 
to  do, is  to  be  able  to  virtualize  the 
file  and  volume-level  information 
in  a  way  that  it  can  be  taken 
advantage  of  by  other  manage¬ 
ment  tools  and  applications.” 

Storage  Tank  performs  its  virtu¬ 
alization  by  assigning  metadata 
references  to  data  that  describes 
the  data  content.  The  metadata 
then  is  spread  across  the  network 
servers  and  stored  so  it  can  be 
accessed  when  data  needs  to  be 


retrieved.  According  to  IBM, 
Storage  Tank  will  be  able  to  man¬ 
age  petabytes  of  data.  One 
petabyte,  the  company  says,  is  50 
times  the  size  of  the  data  in  all  the 
books  in  the  U.S.  Library  of 
Congress. 

Francois  Grey  OpenLab  devel¬ 
opment  officer  for  CERN  in 
Geneva,  is  installing  IBM’s  SAN 
File  System  to  manage  the  tera¬ 
bytes  of  digital  images  the  organi¬ 
zation’s  Large  Hadron  Collider 
proton  and  ion  accelerator  will 
generate. 

“Each  time  protons  collide  it 
leaves  tracks  in  large  detectors 
we  put  underground.  We  take  an 
image  of  the  tracks  and  store  it 
digitally  Grey  says.  “We  produce 
these  images  at  a  phenomenal 
rate  —  10  to  15  petabytes  of  data 
—  which  we  need  to  analyze  and 
store  for  a  decade.” 

CERN  is  building  a  data  grid  to 
store  these  images  throughout 
the  world. “We  are  testing  Storage 
Tank  to  see  if  it  can  solve  our 
problems  of  managing  this  infor¬ 
mation,”  Grey  says. 

The  Total  Storage  SAN  File 
System  software  works  with  IBM’s 
TotalStorage  Enterprise  Storage 
Server  (code-named  Shark),  SAN 
Volume  Controller  and  Integra¬ 
tion  Server.  It  supports  IBM  AIX 
and  Windows  2000  and  Ad¬ 
vanced  Server.  SAN  File  System 
consists  of  two  IBM  eServer 
xSeries  dual-processor  servers 
that  function  as  metadata  reposi¬ 
tories  and  console  management 
system,  and  storage-area  network 
(SAN)  management  software. 

The  company  also  has  an¬ 
nounced  enhancements  to  its 
IBM  TotalStorage  SAN  Volume 
Controller  software  to  let  it  work 
with  disk  arrays  from  Hitachi  and 
HP  and  be  implemented  on  Cis¬ 
co’s  MDS9000  Fibre  Channel 
switches. 

IBM  also  improved  its  IBM  Tivoli 
Storage  Resource  Manager  Ver¬ 
sion  1.3  to  let  users  analyze  the 
capacity  allocated  to  disks, 
groups  of  disks  and  virtual  disks 
managed  by  the  IBM  TotalStorage 
SAN  Volume  Controller,  and  their 
connections  to  host  systems  and 
file  systems. 

“IBM  is  setting  up  the  infra¬ 
structure  for  managing  the  net¬ 
work  better  down  the  road,” 
Gruener  says. 

Meanwhile,  IBM  announced 
with  Cisco  that  the  companies 
would  work  to  develop  standards 
for  exchanging  information 
about  problems  across  corpora- 
tions.“ 
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Basically  what  IBM  is  working  to 
do  is,  for  example,  develop  intel¬ 
ligence  and  products  that  will 
make  IBM  software  capable  of 
automatically  provisioning  Cisco 
gear’’ says  Steve  Wojtowecz, direc¬ 
tor  of  strategy  for  Tivoli  Software 
in  IBM’s  Software  Group. 


IBM  has  submitted  a  Common 
Base  Event  specification,  which  is 
envisioned  as  the  basis  for  stan¬ 
dardized  exchange  of  problem 
determination  data  via  Web  ser¬ 
vices,  to  the  Organization  for  the 
Advancement  of  Structured  Infor¬ 
mation  Standards.  ■ 


IBM  execs  see  changing  focus 
Ion  security  with  rise  of  WLANs 

In  a  briefing  in  New  York  last  week,  IBM  executives  offered 
their  perspectives  on  what  they  say  are  distinct  changes  in 
security  focus  at  corporations  and  government  brought  on 
by  events  such  as  the  Sept.  11  terrorist  attacks  and  more  every¬ 
day  problems  such  as  poorly  protected  wireless  LANs. 

Although  organizations  have  long  had  strategies  for  backing 
up  electronic  data,  they've  not  routinely  had  paper-based  back¬ 
up,  said  John  Jackson,  vice  president  of  IBM  business  continuity 
and  recovery  services.  But  that  changed  after  the  terrorist 
attacks,  as  IBM  has  seen  growing  demand  for  technologies  to 
retain  paper  records,  such  as  optical  storage  and  jukeboxes, 
because  of  concern  about  physical  damage. 

In  the  case  of  electronic  systems,  “e-mail  backup  is  probably 
the  No.  1  priority  because  people  are  building  critical  systems 
around  e-mail,"  Jackson  noted.  IBM  sees  more  organizations 
designating  a  “chief  security  officer"  to  make  decisions  on  how 
to  protect  physical  and  information  assets. 

During  the  briefing,  held  at  IBM's  New  York  offices,  IBM  exec¬ 
utives  said  the  easy  availability  of  WLANs  is  creating  a  growing 
security  problem  as  employees  install  them  without  official  per¬ 
mission  to  attach  to  a  wired  LAN. 

“Wireless  access  points  are  very  inexpensive  these  days,”  said 
Kent  Blossom,  IBM's  director  of  safety  and  security  services. 
“Someone  will  take  $100  out  of  petty  cash,  go  buy  one  and  set  it 
up."  These  so-called  rogue  access  points,  unknown  to  systems 
administrators,  have  led  to  gaping  holes  in  network  security. 

IBM  acknowledged  it’s  happened  inside  IBM. 

IBM  Global  Services  last  week  announced  a  wireless  intru¬ 
sion-detection  system  (IDS)  service  that  uses  “sniffing"  tech¬ 
nology  to  detect  the  presence  of  rogue  802.11b  WLAN  access 
points.  The  service,  which  will  provide  daily  and  monthly  trend 
reports  and  instant  alerts,  involves  installing  small  Linux-based 
appliances  on  walls  that  can  monitor  for  wireless  network  activ¬ 
ity,  locating  a  rogue  device  and  its  use. 

Information  about  authorized  but  improperly  configured 
access  points  and  compromised  Wired  Equivalent  Privacy 
encryption  keys  also  can  be  collected.  All  this  data  is  sent  to  a 
Tivoli  Risk  Manager  console  at  an  IBM  Global  Services  opera¬ 
tions  center  in  Boulder,  Colo.,  which  operates  around  the  clock. 
The  service  costs  $30,000  for  a  one-time  set-up  fee  and  an 
annual  $50,000  subscription  cost. 

IBM  is  not  alone  in  the  wireless  security  arena,  and  its  wire¬ 
less  IDS  service  still  lacks  many  features  offered  by  other, 
albeit  smaller,  competitors.  For  example,  AirDefense  sells  a 
wireless  IDS  product.  Like  IBM's  new  service,  AirDefense’s  sys¬ 
tem  relies  on  a  distributed  network  of  sensors  that  monitor 
wireless  access  points  and  spot  emerging  attacks.  Whereas 
IBM's  wireless  IDS  service  can  spot  compromised  or  misconfig- 
ured  access  points,  the  latest  edition  of  the  AirDefense  system 
can  shut  them  down  remotely. 

On  the  topic  of  decades-old  biometrics  technologies,  IBM's 
John  McKeon,  principal  in  the  IBM  Safety  and  Security 
Services  group,  said  fingerprint-,  iris-  and  voice-based  recogni¬ 
tion  finally  appear  to  be  taking  off  for  corporate  and  govern¬ 
ment  use.  “In  the  not  so  distant  future,  we'll  use  biometrics  as 
the  common  and  ubiquitous  form  of  ID,”  he  ventured. 

—  Ellen  Messmer 
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Within  your  desktops,  notebooks,  switches  and  servers  are  chips  enabling  your  business  to  operate  in  real  time,  delivering  Gigabit 
speed  both  reliably  and  securely.  When  the  top  10  computer  and  networking  equipment  brands  need  unsurpassed  performance,  they 
turn  to  us.1  Broadcom®  chips  are  two  to  three  times  faster  than  the  closest  competitor’s  in  delivering  network  throughput  on  your 
demanding  applications.2  Whether  you’re  wired  or  wireless,  networking  hardware  built  with  Broadcom  technology  ensures  the  devices 
you  use  today— as  well  as  those  you  add  tomorrow— will  connect  easily  and  seamlessly  across  air,  fiber  and  copper. 


Learn  how  building  upon  Broadcom  chips  end-to-end 
can  provide  you  with  faster  network  performance. 
Download  the  first  two  chapters  of  our  new  e-book 
“Architecting  Next-Generation  Networks"  now  at 

www.networkworld.gobroadcom.com/ebook 
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Year  One:  Forcel  0  faces  challenges 


Forcel  0’s  next  moves 

Start-up  ForcelO  Networks  made  noise  with  its  debut  last  year,  but  it 
faces  some  challenges  ahead: 

•  Keep  the  R&D  engine  revved:  While  ForcelO  got  one-year  jump  over  rivals  Cisco, 
Foundry,  Extreme  and  others  in  delivering  full  10G  Ethernet,  those  competitors  — 
especially  Cisco  —  have  big  R&D  budgets.  Staying  ahead  of  the  larger  players  is 
key  if  ForcelO  wants  to  sell  itself  on  pure  performance. 

•  Broaden  the  menu:  Observers  say  ForcelO  needs  to  offer  products  that  take 
advantage  of  the  growth  in  Gigabit  Ethernet  use  among  smaller  companies.There 
are  only  so  many  government  supercomputing  labs  out  there. 

•  Prove  viability:  Many  corporate  customers  say  the  financial  health  of  their  network 
vendors  is  a  factor  in  choosing  infrastructure  products.  ForcelO  will  have  to  prove 
that  it  will  be  around  forthe  long  run. 


■  BY  PHIL  HOCHMUTH 

After  arriving  with  a  splash  in  the  high- 
end  switch  market  in  September  2002, 
ForcelO  Networks  continues  to  gain  cus¬ 
tomers  and  praise  from  high-end  users.  But 
some  observers  say  that,  with  its  rivals 
catching  up  in  technology  the  firm  must 
continue  to  push  new  products  aimed  at  a 
broader  range  of  customers  or  become 
just  another  player  in  a  crowded,  Cisccx- 
dominated  pack. 

According  to  Gartner,  ForcelO  held  less 
than  1%  of  all  the  $28  million  10G  Ethernet 
market  last  year.  Cisco  led  the  market  with 
52%  of  revenue,  followed  by  other  well- 
established  players:  Foundry  Networks, 
with  21%,  and  Nortel,  with  9%. 

In  the  past  12  months,  although  ForcelO 
hasn’t  released  any  new  products,  its  lead¬ 
ership  has  changed. 

Prabhat  Dubey  who  founded  ForcelO  in 
1999,  stepped  aside  as  CEO  in  June.  Marc 
Randall,  the  firm’s  former  head  of  engi¬ 
neering,  took  over.  Randall  previously 
worked  at  Cisco  as  vice  president  of  engi¬ 
neering,  directing  the  development  of  the 


Takes 

■  HP  last  week  announced  a  pro¬ 
gram  aimed  at  luring  Sun's  Solaris 
operating  system  users  to  HP 
machines  running  Linux.  The  bait? 
$25,000  in  porting  and  migration  ser¬ 
vices.  Under  the  new  program,  Sun's 
customers  in  the  Americas  will  be 
able  to  obtain  a  free  assessment  of 
how  to  port  as  many  as  three  Solaris 
applications.  HP  also  will  port  one 
application  from  Solaris  to  Linux  at 
no  charge,  and  offer  customers  free 
use  of  a  ProLiant  server  for  30  days 
and  an  assessment  of  how  to 
improve  their  storage  systems.  Sun 
launched  a  similar  program  targeting 
HP's  Alpha  microprocessor  users 
last  July.  Its  “HP  Away"  program 
offered  HP  customers  incentives  to 
port  from  Alpha’s  Tru64  Unix  operat¬ 
ing  system  to  Solaris.  HP  says  the 
program  will  be  offered  through 
year-end. 


Cisco  7500-series  routers. 

In  February  the  firm  closed  a  deal  for  $41 
million  in  venture  capital  financing,  bring¬ 
ing  the  firm’s  total  to  $201  million. Investors 
in  the  start-up  include  Amerindo  Invest¬ 
ment  Advisors,  New  Enterprise  Associates, 
Pacesetter  Capital  Group,  USVP  and  World¬ 
view  Technology  Partners. 

The  company  has  been  building  its  list  of 


■  BY  DENI  CONNOR 

Hitachi  Data  Systems  last  week  intro¬ 
duced  new  data  protection  software  and  a 
variety  of  storage  enhancements  aimed  at 
making  it  easier  for  users  to  manage,  scale, 
protect  and  retain  their  storage  resources. 

The  new  Hitachi  Thunder  9580V  supports 
up  to  64  terabytes  of  capacity  and  1,024 
ports  for  connection  to  host  computers. 
Operating  at  6.4G  byte/sec,the  9580V  has  a 
single  or  dual  controller  and  as  many  as 
449  disk  drives  that  can  be  partitioned  into 
2,048  logical  units  for  assignment  to 
servers.  It  also  operates  at  7.4G  byte/sec  of 
cached  bandwidth  more  than  three  times 
as  fast  as  the  company’s  existing  Thunder 
9570V,  the  company  says. 

The  Thunder  9580V  also  ships  with  snap¬ 
shot  back-up  capability  called  Quick- 
Shadow  and  HiCopy  replication  software, 
which  lets  customers  migrate  data  be¬ 
tween  disparate  Thunder  and  existing 
Hitachi  Lightning  9500V  storage  arrays. 
QuickShadow’s  point-in-time  copy  capabil¬ 
ity  copies  only  changed  data,  thus  mini¬ 
mizing  the  effect  on  customer  operations. 


10G  Ethernet  customers,  recently  adding 
Indiana  University  the  National  Center  for 
Supercomputing  and  Argonne  National 
Laboratory  to  its  customer  list.  In  February 
ForcelO  announced  large  pricecuts,  cut¬ 
ting  its  10G  per-port  price  almost  in  half  to 
$17,000. 

Product  news  also  has  slowed. The  com¬ 
pany  debuted  with  strong  gear,  its  El 200 


Hitachi's  64-terabyte  Thunder  box  can  be  par¬ 
titioned  to  support  2,048  servers. 

The  company  also  announced  that  its 
high-end  storage  array  the  Lightning  9900  V 
has  been  enhanced  with  additional  cache, 
control  memory  and  drive  options.  It  now 


and  E600  high-end  switch-routers. The  two 
switches  caused  some  buzz  in  the  high- 
end  Ethernet  switch  community  as  the 
gear  boasted  5  terabits/sec  of  backplane 
throughput,  with  Gigabit  and  10G  Ethernet 
densities  unmatched  by  established  play¬ 
ers. 

The  debut  of  the  El 200  also  aired  a  bit  of 
dirty  laundry  in  the  closets  of  some  ven¬ 
dors  who  touted  10G  Ethernet  switches: 
Most  products  on  the  market  could  only 
support  6G  to  8G  bit/sec  of  throughput 
between  ports  on  different  switch  mod¬ 
ules.  This  bottleneck  that  existed  among 
major  players  made  ForcelO  the  only  ven¬ 
dor  that  offered  true  10G  performance. 

Since  then,  key  enterprise  competitors 
such  as  Cisco,  Enterasys  Networks,  Extreme 
Networks  and  Foundry  have  announced 
next-generation  products,  although  only 
Cisco  and  Foundry  are  shipping  in  volume 
at  this  time, sources  say 

“Cisco  and  Foundry  have  announced 
line-rate  10-Gigabit  cards,  so  it’s  no  longer 
valid  for  ForcelO  to  claim  they  are  the 
only  true  10-Gig  game  in  town,” says  David 
See  ForcelO,  page  22 


features  double  the  cache  size  (128G 
bytes)  of  previous  9900  arrays,  double  the 
control  memory  (6G  bytes)  and  higher-per¬ 
forming  15,000  RPM  73G-byte  drives. 
Hitachi  increased  the  number  of 
Enterprise  Systems  Connection  ports  on 
the  9900  V  to  48  from  32. 

Gary  Pilafas,  senior  storage  and  systems 
architect  for  United  Airlines  e-business  sub¬ 
sidiary  UAL  Loyalty  Services  in  Chicago, 
likes  his  Lightning  9900  V  arrays’  flexibility. 

“If  1  were  to  use  128G  bytes  of  cache,  I 
could  take  some  of  my  systems  and  lock 
their  file  systems  into  cache  so  they 
could  be  accessed  in  real  time  like  a 
solid-state  disk,”says  Pilafas,  who  has  four 
Lightning  9900  arrays,  including  a  new  V 
Class  array  to  which  UAL  Loyalty  Services 
is  consolidating. 

Hitachi  also  integrated  new  software  into 
its  Lightning  9900  V  Series  storage  arrays 
that  addresses  customers’  regulatory  com¬ 
pliance  and  data  management  require¬ 
ments.  Called  Hitachi  Open  LDEV  Guard 
and  previously  offered  only  to  customers 
with  mainframe  servers,  this  version  runs 
See  Hitachi,  page  22 


Hitachi  enhances  storage  connectivity 
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If  all  goes  well,  as  you  read  this  I’ll  be 
incommunicado  on  a  sailboat  some¬ 
where  between  Virginia  and  the 
Bahamas  —  a  brief  and  rare  respite  from 
IT.  While  that  is  what  it  should  be,  it  cer¬ 
tainly  won't. Oceangoing  vessels  these  days 
are  chocked  to  the  brim  with  technology 
—  with  even  some  small  boats  having 
instrumentation  built  around  an  Ethernet 
core. 

With  less  fanfare  than  one  might  expect, 
Ethernet  is  showing  up  in  places  not  usu¬ 
ally  the  domain  of  traditional  IT  solutions 
—  at  sea  and  on  the  factory  floor,  to  name 
just  two. 

On  the  factory  floor,  traditional  transports 
are  being  augmented  and  replaced  by  so- 
called  “industrial  Ethernet”  switches.  These 
turn  out  to  be  basic,  low-density  Fast 


Ethernet  switches  built  to  factory-floor 
specifications,  which  means,  among  other 
things,  that  they  can  last  more  than  six 
weeks  in  dusty,  hot  and  shaky 
environments. 

We  just  finished  a  validation  project 
involving  one  of  the  “big  names”  in  indus¬ 
trial  Ethernet,  the  German  firm  Hirsch- 
mann  Electronics.While  Cisco  also  plays  in 
this  arena,  it  is  interesting  to  see  the 
approach  being  taken  by  vendors  whose 
history  has  centered  on  the  factory  floor 
rather  than  the  data  center. 

It  will  be  interesting  to  see  how  Cisco’s 
competitors  deal  with  this  opportunity. Will 
they  partner  with  established  factory- 
automation  providers,  go  it  alone  or  just 
skip  it? 

While  most  implementations  to  date  are 
probably  treating  the  factory  floor  as  a 
separate  IT“planet,”it  surely  won’t  be  long 
before  the  benefits  of  internetworking 
trigger  a  link  up  with  the  traditional  data 
center. 

While  the  environmental  conditions  at 
sea  potentially  are  as  bad  or  worse  than 


the  factory  floor,  the  traditional  corporate 
IT  switch  vendors  appear  to  dominate. 

While  instrumentation  on  the  lion’s  share 
of  commercial  ships  is  likely  still  Ethernet- 
free,  value-added  services  such  as  video  on 
demand  have  been  implemented  on 
cruise  ships  using  mainstream  LAN  switch¬ 
ing  for  some  years. 

For  a  navigation  core,  vendors  such  as 
Furuno  with  its  NavNet  line,  seem  to  be 
leading  the  charge.  Where  traditionally 
these  vendors  would  use  some  type  of  pro¬ 
prietary  “bus”  to  link  depth  sounders  and 
radar  domes  to  display  consoles,  they  now 
use  Ethernet. 

This  is  a  big  deal  to  that  industry  It  is 
interesting  to  see  the  Web  site  brag  about 
“high-speed  networking”  and  realize  that 
they  are  talking  about  10M  bit/sec  Ethernet 
hubs.  Everything  is  relative. 

Unlike  the  industrial  Ethernet  vendors, 
Furuno  basically  leaves  it  to  customers  to 
get  any  old  Ethernet  hub  from  their  local 
computer  store.  Given  the  cheap  construc¬ 
tion  of  most  low-end  hubs  and  the  corro¬ 
sive  effects  of  the  salt  air,  I  don’t  think  it  will 


be  hard  to  predict  the  failure  point  for 
those  networks. 

It’s  scary  to  think  of  relying  on  poorly- 
specified  technology  for  critical  functions 
such  as  navigation  and  depth  readings. 
While  Ethernet  can  certainly  do  the  job,  a 
cheap  hub  is  not  the  way  to  go. This  could 
well  be  a  time  where  leading  edge 
becomes  “bleeding  edge”  as  short  circuits 
in  the  navigation  system  turn  a  cruise  into 
an  unplanned  adventure. 

But  before  long,  the  Furunos  of  the 
world  will  figure  this  out  and  strengthen 
the  Ethernet  infrastructure  element. 
Ultimately,  this  should  lower  costs,  pro¬ 
mote  interoperability  among  vendors  of 
different  navigation  components  and 
improve  time  to  market. 

Best  of  all,  it  will  provide  a  retirement  job 
for  me  —  debugging  all  those  misbehaving 
Ethernet-based  shipboard  networks. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  k tolly  @tolly.com. 


Force 10 

continued  from  page  21 

Newman,  president  of  Network  Test,  a  net¬ 
work  equipment  testing  and  consulting 
firm,  and  part  of  Network  World’s  Global 
Test  Alliance. 

“Force  10  made  a  lot  of  its  competitors  in 
this  market  work  a  little  harder  because 
they  were  so  far  ahead  of  the  game  than 
companies”  such  as  Cisco,  Extreme  and 
Foundry  says  Zeus  Kerravala,  an  analyst 
with  The  Yankee  Group. 

The  issue  that  might  still  hinder  Force  10  is 
the  company’s  viability  Kerravala  says.  With 


questions  of  financial  viability  surrounding 
even  large,  established  network  players 
such  as  Lucent  and  Nortel,  companies 
looking  to  invest  in  next-generation  infra¬ 
structure  are  looking  for  vendors  that  will 
be  in  it  for  the  long  run,  he  adds. 

Sources  say  Force  10  will  launch  several 
new  products  this  quarter  aimed  at  small¬ 
er  IT  shops  that  still  are  interested  in 
deploying  high-density  Gigabit  and  10G 
Ethernet  links.  Those  familiar  with 
Force  10’s  plans  say  the  new  gear  will 
include  three-slot  and  fixed-configuration 
switches  with  Gigabit  and  10G  ports  that 
could  be  used  for  aggregating  smaller 


Middleware. 
It’s  at  the  mall. 


server  farms  or  for  long-haul  switch-to- 
switch  connections  over  dark  fiber. 

While  competitors  might  have  an¬ 
nounced  gear  that  can  handle  full  10G 
bit/sec  links,  Andrew  Feldman,  vice  presi¬ 
dent  of  marketing  for  Force  10,  says  the 
company  is  still  a  year  ahead  of  the  market 
in  terms  of  building  production-ready  10G 
switches. 

“We’ve  been  through  the  wringer  on 
some  of  the  most  demanding  networks,” 
Feldman  says.“Our  boxes  have  been  ham¬ 
mered  into  shape.  Other  [vendor’s  prod¬ 
ucts]  will  get  there  too,  but  they’ll  have  to 
go  through  the  same  things  we  did  in  the 
field.”  Because  of  this,  Feldman  says,  the 
company  can  produce  new  technology 
while  competitors  work  on  making  their 
boxes  more  stable. 

Feldman  says  10G  and  Gigabit  are  be¬ 
coming  popular  in  large  server  cluster 
deployments.  While  interconnects  such  as 
InfiniBand,  Fibre  Channel  and  other  propri¬ 
etary  technologies  have  been  the  norm  for 
large  system  clustering,  Force  10  is  pushing 
Ethernet  —  10G  that  is  —  as  the  lower-cost, 


standards-based  alternative.  The  drive  for 
server  consolidation  and  the  fusing  of  stor¬ 
age  and  IP  networks  are  two  large  opportu¬ 
nities  for  Force  10,  Feldman  adds. 

One  organization  that  uses  10G  in  server 
clusters  is  the  San  Diego  Supercomputing 
Center  (SDSC). 

Several  hundred  ports  of  10G  are  used  at 
the  SDSC,  which  is  a  part  of  the  Teragrid,  a 
project  that  links  supercomputing  re¬ 
sources  across  the  country  into  one  grid¬ 
computing  infrastructure.  SDSC  uses  10G 
Ethernet,  which  are  less  expensive  and 
faster,  according  to  Kevin  Walsh,  a  senior 
network  engineer  at  the  SDSC. 

“You  can’t  beat  Ethernet  for  its  interoper¬ 
ability  and  price”  when  it  comes  to  net¬ 
working  large  systems,  he  says.  “The  evolu¬ 
tion  of  [10  Gigabit]  should  propel  Ethernet 
past  other  proprietary  [technologies] 


■  For  more  on  high-speed 
Ethernet  LANS,  see  PAGE  24. 


Hitachi 

continued  from  page  21 

on  Unix  and  Windows  hosts.  It  lets  the 
9900  V  function  as  a  Write  Once  Read 
Many  drive,  letting  customers  show  that 
data  that  has  been  written  has  not  been 
altered  or  deleted  before  the  mandated 
retention  period. 

Further,  Hitachi  announced  software 
products  that  let  customers  deploy  multi¬ 
ple  storage  configurations  and  build  busi¬ 
ness-continuity  configurations.  Its  Three 
Data  Center  CopyHiCopy  and  Open  LDEV 
Guard,  let  customers  create  business-criti¬ 
cal  continuity  plans  while  maintaining 


compliant  storage  environments. 

Three  Data  Center  Copy  software  lets  cus¬ 
tomers  create  asynchronous  or  synchro¬ 
nous  replication  across  multiple  remote 
data  centers.  It  is  implemented  for  main¬ 
frame  environments  that  use  Hitachi’s 
CopyCentral  management  interface. 

Hitachi  competes  primarily  with  IBM  and 
EMC.  Hitachi  says  the  9580V  has  six  times 
the  bandwidth  of  EMC’s  CX600  and  double 
the  bandwidth  of  EMC’s  DMX  800. 

Hitachi  Thunder  9580V  costs  from 
$1 10,000  to  $500,000,  depending  on  con¬ 
figuration.  The  price  of  the  9900V  ranges 
from  $200,000  to  $8  million, depending  on 
configuration  ■ 


It  ain’t  braggin’ 
if  you  can  do  it 


Finally,  a  company  that  talks  big  and 
works  bigger.  A  company  that  talks  ROI 
and  actually  delivers.  A  company  that 
provides  real  business  value  you  can 
measure.  A  network  solutions  and 


services  provider  called  NextiraOne 


At  NextiraOne,  we  bring  clarity  to  your 
complex  communications  networks. 
Planning,  designing,  implementing, 
supporting  and  managing.  For  voice, 
data  and  converged  infrastructures. 

In  the  United  States  or  around  the 


world.  You  name  it,  we  do  it  -  with 
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1 0  Gigabit  ready  to  set  up  enterprise  shop 


BY  PHIL  HOCHMUTH 


M 


Pros 


ost  corporate  users  are  not  yet 
clamoring  for  10G  Ethernet,  but 
the  technology  is  evolving  from 
the  concept  phase  to  production  cus¬ 
tomer  trials  and  deployments  in  some 
cases. 

Falling  prices  and  the  proliferation  of 
inexpensive  Gigabit  products  are  pushing 
demand  for  10  Gigabit  among  some 
users.  Others  are  holding  out  for  the  cop- 
perversion  of  10  Gigabit,  in  the  hopes 
that  this  will  drive  down  the  per-port  cost 
of  the  technology  even  further.  Observers 
say  this  could  come  into  play  as  10G 
moves  from  switch-to-switch  applications 
into  high-end  server  and  network- 
attached  storage  (NAS)  connectivity. 

While  large  government  laboratories 
and  research  centers  have  been  on  the  forefront  of  10G 
adoption,  a  few  recent  installations  of  10G  have  taken 
place  in  some  more  real-world  enterprise  environments, 
such  as  hospitals  and  in  education. 

The  North  Bronx  Healthcare  Network  (NBHN) 
recently  completed  an  installation  of  10  Gigabit 
switches  from  Extreme  Networks  to  leapfrog  its  Fast 
Ethernet-based  infrastructure  one  step  ahead  of  the 
upgrade  cycle. 

NBHN  uses  single-mode  fiber  runs  to  connect  three 
hospitals  with  10G  bit/sec  links.  Driving  the  need  for  this 
kind  of  bandwidth  was  the  growing  use  of  applications 
such  as  medical-imaging  technology  which  can  push 
digital  magnetic  resonance  image  (MRI)  and  X-ray  files 


fcfc 10G  on  copper  looks  good 
because  of  the  lower  cost  per 
interface  and  higher  densities.  1 1 

Richard  Nelson 

Director  of  information  processing 
University  of  Southern  California's  Information 
Sciences  Institute 


as  large  as  2G  bytes  across  a  LAN.  While  the  10G  net¬ 
work  was  somewhat  overkill,  NBHN’s  CIO  Dan  Morreale 
says  he  anticipates  that  bandwidth  needs  will  grow  to 
utilize  these  pipes. 

Future  plans  for  large-scale  server  consolidation  also 
u  driving  some  users  to  lay  10G  foundations  today. At 
Manchester  Community  College  (MCC)  in  Connecticut, 
10G  is  changing  some  of  the  most  common  blueprints 
in  buisiing  I  ANs.  Many  organizations  deploy  10/100M 
bit  's,  v-  edge  switches,  usually  stackable  boxes,  which 
feed  into  a  G:gabit-speed  distribution  layer  and  then  the 
LAN  core. 

MCCs  pproaeh  is  to  eliminate  the  distribution  layer 
and  link  desktop  sw  itches  and  servers  directly  to  the 


10  Gig  pros  and  cons 

Why  you  should,  or  shouldn’t,  use  10G  Ethernet  in  your  net  (yet). 


Cons 


Using  a  single  10  Gigabit  link  instead  of 
trunked  Gigabit  connections  could  save 
space  and  free  up  Gigabit  ports  for 
other  uses. 

If  your  desktops  and  edge  switches  are 
moving  to  Gigabit,  bigger  bandwidth  will 
be  needed  in  the  core  and  distribution 
layer. 

If  dark  fiber  is  available,  10G  could  be 
used  to  create  a  high-speed  MAN  infra¬ 
structure  faster  than  most  carriers'  nets. 


At  current  cost  levels,  a  single  10G 
Ethernet  LAN  on  average  is  more 
expensive  than  10  Gigabit  ports. 

Many  of  the  high-end  switch  chassis 
installed  cannot  support  full  10  Gigabit 
throughput. 

For  short-range  connections,  such  as 
server  clustering  or  consolidation,  few 
low-cost  10  Gigabit  options  are 
available. 


with  many  start-ups,  led  by  firms  such  as 
Alteon,  Extreme  and  Foundry  Networks. 

“We’re  not  seeing  much  demand  for 
10G  among  our  clients,”  says  Lawrence 
Orans,  principal  analyst  with  Gartner. 

But  that’s  not  to  say  10G  won’t  have 
its  day.  While  not  on  the  “to-do”  list 
today  for  companies,  In-Stat/MDR’s  sur¬ 
vey  showed  that  about  40%  of  users 
will  have  some  10G  deployed  within 
two  years.  Likewise,  Gartner  forecasts 
that  shipments  of  10G  Ethernet 
adapters  for  servers  and  storage 
devices  will  jump  from  about  1,000 
beta  products  shipped  this  year  to  serv¬ 
er  makers  for  trial,  to  more  than 
500,000  units  shipping  in  production 
systems  by  2007. 


core.To  do  this,  10G  was  required  in  the  backbone,  says 
Jason  Blosser,  IT  director  at  the  college. 

“This  architecture  will  help  us  cut  administration 
costs”  and  equipment  expenses,  because  the  aggrega¬ 
tion  switch  layer  —  about  a  dozen  boxes  —  will  be 
eliminated,  he  says. 

10G  reality  check 

The  recent  push  of  10G  products  to  corporate  cus¬ 
tomers  was  spurred  by  a  declining  interest  among 
carriers,  which  were  the  original  10G  target  market. 

“When  [10G  Ethernet]  was  being  developed,  there  was 
an  expectation  that  there’d  be  an  uptake  on  the  service 
provider  side,”  says  Bruce  Tolley,  senior  manager  of 
emerging  technologies  at  Cisco,  who  was  active  in  craft¬ 
ing  the  10G  standard. The  promise  of  long-haul  10G 
Ethernet  over  copper  as  a  SONET  replacement  was  the 
main  focus  of  the  IEEE  at  that  time.“But  with  the  dot¬ 
com  bust  and  telecom  restructuring,  that  didn’t  happen,” 
he  says. 

The  result  of  that  action  is  10G  Ethernet  is  now  an 
enterprise-focused  technology. 

Even  after  this  switch  to  an  enterprise  focus,  however, 
several  analyst  firms  say  that  demand  for  the  products  is 
not  high. 

A  recent  In-Stat/MDR  survey  of  282  buyers  of  enter¬ 
prise  network  equipment  shows  that  56%  of  respondents 
said  they  had  “no  plans”  to  deploy  10G  Ethernet  in  their 
networks. 

This  corporate  position  on  10G  is  reflected  in  prod¬ 
uct  shipments.  According  to  the  Dell’Oro  Group,  only 
1,000  10G  switch  ports  were  shipped  last  year,  and 
only  about  4,000  are  estimated  to  be  sold  to  cus¬ 
tomers  this  year. 

Comparatively,  when  Gigabit  Ethernet  was  introduced 
to  the  masses  in  1997, 1 1,000  ports  were  shipped.  A 
year  later,  shipments  reached 

220,000.  Observers  add  that  the  IlSrfh  Qnnnffl 

pent-up  demand  for  1000M 

bit/sec  Ethernet  was  a  pressing  LAmS 

issue  to  businesses  six  years  ago,  subscribe  to  our  free  newsletter, 
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The  copper  catalyst 

While  many  analysts  predict  10G  shipments  to  rev  up 
in  the  next  several  years,  what  could  really  make  10G  a 
force  in  the  market  is  the  evolution  of  a  copper-based 
version  of  10G. 

Serious  consideration  of  copper-based  10G  began  last 
November,  when  the  IEEE  formed  two  study  groups:  one 
to  focus  on  studying  how  to  run  10G  Ethernet  over 
Category  5  or  6  cabling;  and  another  to  figure  out  how 
to  run  10G  bit/sec  Ethernet  over  four  pairs  of  twin-axial 
copper  cabling. 

Twin-axial  cabling  might  be  familiar  to  users  of  older 
IBM  minicomputers  or  more  recently  for  InfiniBand 
device  interconnect  cabling.The  cables  are  used  for  runs 
of  about  15  to  20  feet. 

The  major  driver  for  copper  10G  development  is  cost. 
Fiber  Ethernet  ports  cost  more  than  copper  at  every 
level  of  connection  speed. When  lOGBase-LX  debuted  in 
2001,  ports  cost  as  high  as  $80,000.This  equates  to  10 
times  the  performance  of  Gigabit  Ethernet,  at  about 
eight  times  the  cost. 

Pricing  has  come  down  by  about  half  since 
then, but  analysts  and  IEEE  engineers  estimate  that 
copper  10G  will  come  in  at  about  two  or  three  times 
the  cost  of  Gigabit  Ethernet  while  offering  10  times  the 
performance. 

For  networks  in  which  10G  is  established,  10G  over 
copper  represents  the  next  step  for  the  technology. 

“10G  on  copper  looks  good  because  of  the  lower 
cost  per  interface  and  higher  densities,” says  Richard 
Nelson,  director  of  information  processing  at  the 
University  of  Southern  California’s  Information 
Sciences  Institute  in  Marina  del  Rey,  which  also  con¬ 
ducts  supercomputing  research.  He  says  NAS  disk 
arrays  and  high-powered  servers  are  two  areas  where 
copper  10G  could  fit  in  now. 

The  institute  uses  Foundry  switches  for  its  10G  Ether¬ 
net  links,  which  extend  several 
miles  and  connect  multiple  com¬ 
puter  rooms  across  several  cam¬ 
puses  in  the  metropolitan  area. 
But  not  all  10G  links  need  to  be 
long-reach,  he  says.  ■ 
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FREE  SEMINAR! 

Register  for  new  Foundry  Networks  Enterprise  and  Server  Load 
Balancing  Free  Half-Day  Seminars.  Details  at 
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We’ll  be  at  EDUCAUSE,  booth  462, 
on  November  4-7, 2003.  Details  at 
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The  Journey  of  the  Leader  in  Layer  4-7  Load  Balancing  Switches 
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Siebel  courts  small,  midsize  firms 


■  BY  ANN  BEDNARZ 

CRM  market  leader  Siebel  Systems  hasn’t 
forgotten  the  little  people.  It’s  new  mantra, 
“CRM  for  everyone,”  is  intended  to  reflect 
an  easier,  more  affordable  Siebel  —  a 
theme  that  was  pervaded  at  the  software 
maker’s  user  conference  held  last  week  in 
San  Diego. 

Executives  say  they  hope  the  message  of 
inclusion  will  beef  up  Siebel’s  appeal  to 
small  and  midsize  companies  that  want 
the  features  of  full  scale,  on-premises  CRM 
but  have  shied  away  from  buying  because 
of  implementation  challenges  and  costs. 

The  cornerstone  of  Siebel’s  new  product 
strategy  is  its  hosted  CRM  service,  devel¬ 
oped  with  hosting  partner  IBM  and  un¬ 
veiled  for  the  Siebel  User  Week  2003  con¬ 
ference.  Siebel  CRM  OnDemand  is  ex- 


■  Microsoft  has  been  awarded  a 
patent  for  a  feature  in  instant  mes¬ 
saging  that  alerts  a  user  when  the 
person  they  are  communicating  with 
is  inputting  a  message.  The  feature  is 
present  in  instant-messaging  services 
from  Yahoo  and  AOL.  Microsoft's 
patent  could  give  the  company  a  leg 
up  in  the  instant-messaging  market  if 
it  can  enforce  the  patent  and  edge  out 
competitors  by  exclusively  offering 
the  feature.  Office  Live  Commun¬ 
ications  Server  2003  is  due  to  hit 
the  market  soon,  while  MSN  Mes¬ 
senger  claims  more  than  100  million 
users. 

■  Secure  messaging  vendor  Sigaba 
last  week  released  Version  4.0  of 
Sigaba  Secure  E-mail.  The  soft¬ 
ware  is  highlighted  by  support  for  fed¬ 
erated  authentication  and  a  lineup  of 
authentication  adapters  including  sup¬ 
port  for  Lightweight  Directory  Access 
Protocol.  Novell  eDirectory,  Microsoft 
Active  Directory,  Kerberos,  RADIUS, 
NT4  LAN  Manager  and  Lotus  Domino. 
Version  4.0  pricing  starts  at  $50,000. 
which  includes  the  Sigaba  Gateway, 
Key  and  Authentication  Services. 


pected  to  deliver  CRM  tools  faster,  easier 
and  less  expensively  than  the  company’s 
licensed  software  suite,  Siebel  officials  say 

The  model  is  designed  to  appeal  to 
smaller  companies  than  those  that  make 
up  Siebel’s  traditional  client  base.  The 
vendor  also  wants  its  existing  customers 
to  use  the  service  to  deploy  CRM  to 
remote  locations  and  subsidiaries  where 
they  haven’t  deployed  Siebel’s  licensed 
version. 

The  vendor  says  its  hosted  CRM  product 
can  be  seamlessly  integrated  with  —  or 
automatically  migrated  to  —  an  on¬ 
premises  deployment  of  Siebel’s  CRM  soft¬ 
ware.  In  this  way  users  can  start  with  a 
small  CRM  project  and  expand  the  system 
as  needs  change,  Siebel  officials  say 

CEO  Tom  Siebel  said  the  hosted  offering 
addresses  customers’  changing  needs. 
“Enterprise  software  must  embrace  the 
speed  of  change  in  business  into  its  DNA,” 
Siebel  said  last  week  during  his  keynote 
speech  at  the  conference.  “In  this  new  era 
of  CRM,  we  see  hybrid  solutions  to  meet 
the  requirements  of  distributed  business 
models.” 

CRM  OnDemand  is  Siebel’s  second  host¬ 
ing  attempt.  The  company  launched  its 
Sales.com  service  in  February  1999  and  at 
one  time  planned  to  spin  off  the  unit. 
Instead, Siebel  shuttered  the  losing  venture 
in  July  2001. 

Siebel’s  re-entry  into  the  hosted  CRM 
market  comes  as  analysts  say  CRM  buyers 
are  shifting  their  purchasing  preferences 
toward  the  application  service  provider 
(ASP)  model.  For  example,  license  rev¬ 
enue  will  decline  at  an  average  annual 
rate  of  4.8%  over  the  next  three  years, 
while  subscription  revenue  will  hit  $2.8 
billion  by  2006, Aberdeen  Group  says.  In  a 
recent  survey,  Aberdeen  found  35%  of 
respondents  use  CRM  delivered  by  a 
hosting  service,  and  85%  of  prospective 
CRM  buyers  would  evaluate  a  hosted 
CRM  service. 

Aiming  for  a  revenue  boost 

Like  many  software  vendors,  Siebel  lately 
has  battled  to  increase  license  revenue. 

Earlier  this  month, Siebel  announced  that 
it  expects  to  hit  its  profit  targets  for  the 
quarter  that  ended  Sept.  30,  but  miss  its  rev¬ 
enue  mark.  Third-quarter  revenue  will 
range  from  $320  million  to  $322  million 
and  license  revenue  will  range  from  $109 
million  to  $1 10  million,  the  company  said. 
(Final  quarterly  figures  are  due  out  this 
week.)  Analysts  were  expecting  Siebel  to 


report  total  revenue  of  $328.4  million. 

Meanwhile,  Siebel  has  embarked  on  a 
series  of  layoffs  and  office  closures  to  cut 
costs.  The  company  reported  that  it  is  on 
track  to  achieve  its  previously  stated  goals 
of  cutting  quarterly  expenses  by  $30  mil¬ 
lion  by  year-end. The  company  intends  to 
cut  expenses  further  to  increase  that  quar¬ 
terly  savings  to  $40  million  by  the  second 
half  of  next  year. 

CRM  OnDemand  is  a  good  move  to  kick- 
start  Siebel’s  stalled  product  strategy  wrote 
Kelly  Spang  Ferguson,  principal  analyst  at 
Current  Analysis,  in  a  research  brief.“But  it 
is  also  a  defensive  move  to  counter  the 
positive  momentum  of  ASP  rivals  that  have 
been  eating  Siebel’s  lunch.” 

Companies  such  as  NetSuite,  Sales- 
force.com,  Salesnet  and  UpShot  have  led 
the  ASP  charge  and  amassed  customers, 
particularly  among  small  and  midsize 
businesses.  Salesforce.com,  for  example, 
has  7,400  customers  of  its  hosted  service 
with  combined  100,000  individual  sub¬ 
scribers.  Siebel  has  3,500  customers  using 
its  licensed  software.  Also,  10  companies 
are  beta-testing  CRM  OnDemand  service. 

Dominant  suite  vendors  such  as  People- 
Soft,  SAP  and  Siebel  have  in  the  past 
See  Siebel,  page  28 


■  BY  CAROLYN  DUFFY  MARSAN 

General  Electric  has  selected  Plateau 
Systems  for  one  of  the  largest-ever  cor¬ 
porate  installations  of  e-learning  man¬ 
agement  software.  The  deal  signals  a 
trend  toward  enterprisewide  adoption  of 
Web-based  training  systems,  industry 
analysts  say. 

More  than  340,000  users  across  all  of  GE’s 
divisions  are  tapping  into  Plateau’s  soft¬ 
ware  as  the  behind-the-scenes  engine  for 
GE’s  Web-based  training  system,  my- 
Learning@ge.  GE  is  standardizing  on 
Plateau’s  Learning  Management  System 
Version  4,  which  provides  a  management 
infrastructure  for  the  delivery  of  electronic 
courseware,  standard  operating  proce¬ 
dures,  company  policies  and  other  educa¬ 
tional  materials. 

“Within  GE’s  environment,  we  will  be  one 


r - :  ; - 

Hosting  pros  and  cons 

Low  cost  helps  make  hosted 

CRM  offerings  —  such  as  the 

CRM  service  Siebel  announced 
last  week  —  appealing  to  small¬ 
er  companies,  according  to  a 
recent  Aberdeen  Group  survey. 
However,  configuration,  control 
and  integration  concerns  linger. 

Pros: 

• 

Fast  implementation  time. 

• 

Pay  only  for  usage,  avoid  up-front 
purchase. 

• 

• 

Requires  fewer  corporate 
resources  to  manage. 

• 

Support  available  and  adequate. 

Cons: 

# 

Applications  can  be  configured 
but  not  customized. 

• 

A  third  party  stores  and  controls 
data. 

• 

Service  is  only  accessable  when 
users  are  connected  to  network. 

• 

L _ 

Integration  with  third-party 
applications  is  a  concern. 

_  ^ 

more  process  application  that  cuts  through 
every  operating  division,”  says  Paul  Sparta, 
CEO  of  Plateau. “The  goal  was  for  GE  to  be 
able  to  aggregate  across  global  entities  — 
with  multiple  languages  and  multiple  busi¬ 
ness  units  —  to  gain  consistency  in  the 
whole  world  of  e-learning  content  and 
knowledge  management.” 

Plateau  would  not  say  how  much  the  GE 
deal  is  worth,  but  the  company’s  average 
deal  size  is  $500,000. 

“This  is  our  largest  corporate  deal  both  in 
numbers  of  users  and  dollar  value,"  Sparta 
says.“The  value  of  the  business  relationship 
has  been  several  million  dollars  to  date.” 

Plateau  beat  out  two  of  its  competitors  to 
win  a  pilot  project  with  GE  about  20 
months  ago.  Since  then,  Plateau  has 
installed  its  software  at  several  GE  business 
units.  Last  month,  GE  awarded  Plateau  a 

See  GE,  page  28 


GE  motors  along  with 
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Under  almost  universal  condemna¬ 
tion  from  the  Internet  technical 
community  and  with  the  immediate 
prospect  of  Internet  Corporation  for 
Assigned  Names  and  Numbers  filing  suit, 
VeriSign  on  Oct. 4  undid  the  change  to  the 
domain  name  database  that  it  had  in¬ 
stalled  two  weeks  earlier  (www.nwfu- 
sion.com,  DocFinder:  8029). 

VeriSign  whined  about  unfair  treatment, 
saying  it  would  “temporarily”  make  the 
change,  and  tried  to  paint  itself  as  a  victim. 

At  the  same  time,  almost  all  of  the  press 
seemed  to  support  VeriSign  instead  of  rec¬ 
ognizing  that  an  attempted  coup  d’etat  had 


When  is  an  abomination  a  service? 


been  (at  least  temporarily)  thwarted.  A 
VeriSign  spokesman  was  quoted  as  saying, 
“Without  so  much  as  a  hearing,  ICANN 
today  formally  asked  us  to  shut  down  the 
SiteFinder  service.” 

Meanwhile,  a  VeriSign  technical  person 
said  in  a  posting  to  the  nanog  mailing  list 
(DocFinder:  8030)  that  “We  requested  an 
extension  from  ICANN  to  give  more  notice 
to  the  community  but  were  denied.” 

VeriSign  must  think  we  all  have  really  bad 
short-term  memories.  ICANN  gave  VeriSign 
about  48  hours  to  reverse  its  changes, 
which  is  infinitely  more  than  the  zero 
notice  that  VeriSign  gave  the  Internet  when 
the  company  made  the  original  changes. 
Fbor  VeriSign  —  it  didn’t  get  a  hearing.  Not 
that  anyone  else  got  one  when  VeriSign  cre¬ 
ated  the  mess  in  the  first  place. In  spite  of  its 
whining,  VeriSign  is  the  perpetrator  here.  It 
is  no  victim  —  the  rest  of  us  were. 

It  was  disappointing  to  see  that  almost  all 


press  coverage  (even  in  this  publication) 
of  VeriSign  withdrawing  the  changes  spoke 
of  VeriSign  suspending  a  “service.”  The  dic¬ 
tionary  has  many  definitions  for  the  word 
“service.”  The  closest  in  Merriam  Webster 
might  be  “a  facility  supplying  some  public 
demand,”  except  that  the  public  demand 
was  all  in  VeriSign’s  imagination. 

VeriSign’s  Web  page  touts  the  number  of 
visits  to  the  “SiteFinder”  Web  page  —  65  mil¬ 
lion  in  a  week  or  so.  But  that  just  represents 
the  number  of  bad  typists  in  the  world 
(who  were  redirected  to  the  VeriSign  site), 
not  the  number  of  people  who  wanted  to 
go  there.  The  intended  beneficiary  of  the 
VeriSign  “service”  was  VeriSign’s  bank 
account. 

By  using  VeriSign’s  term,  the  press  implied 
that  what  the  company  had  been  doing 
was  a  positive  thing, something  that  provid¬ 
ed  a  real  service  to  the  Internet  commun¬ 
ity  This  ignores  all  of  the  Internet  functions 


that  were  broken  when  VeriSign  made  its 
changes. 

What  would  have  made  the  press  think 
about  what  it  was  writing?  Take  the  case  of 
a  garage  owner  who  spreads  tacks  on  a 
highway  so  he  could  get  more  business 
supplying  new  tires  to  drivers  who  manage 
to  find  his  tacks  in  their  tires.  Surely  the 
press  would  not  have  said  that  he  was  sup¬ 
plying  a  service  to  the  drivers  even  if  he 
called  it  one.  They  would  have  called  it 
vandalism.  What  VeriSign  did  was  Internet 
vandalism.  It  is  sad  that  much  of  the  press 
implied  otherwise. 

Disclaimer:  Most  people  think  Harvard 
provides  a  service,  but  the  above  opinion 
on  services  is  mine,  not  the  university’s. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@sob 
co.com. 


Siebel 

continued  from  page  27 

avoided  committing  significant  resources 
to  hosted  CRM  offerings  and  watched  the 
ASP  market  grow  from  the  sidelines. 
Siebel  is  late  to  the  game,  but  it  has 
resources  that  none  of  its  ASP  competi¬ 
tors  can  match,  according  to  Ferguson. 
“The  combination  of  Siebel  and  IBM  may 
quickly  change  the  competitive  land¬ 
scape,”  she  wrote. 

What  might  challenge  Siebel  is  the  ongo¬ 
ing  application  development  required  to 
maintain  a  CRM  service,  Ferguson  wrote. 
“ASPs  are  in  the  business  of  making  im¬ 
provements  every  few  months,  which  is  dif¬ 
ferent  than  the  traditionally  longer  devel¬ 
opment  cycles  for  licensed  application 
vendors  such  as  Siebel,” she  wrote. 


Middleware. 

It’s  under  the  hood. 

t 

! 


Incremental  upgrade 

Also  at  Siebel  User  Week  the  vendor  said 
its  next  major  upgrade  of  the  software  plat¬ 
form,  Version  7.7,  is  on  track  for  release  in 
the  first  half  of  2004.  Among  the  product’s 
enhancements  are  additional  industry-spe¬ 
cific  tools;  two-way  store-and-forward  wire¬ 
less  support;  and  a  new  module  for  track¬ 
ing  customer  loyalty 

However,  a  complete  overhaul  of  Siebel’s 
CRM  system  is  years  away  Siebel  told  atten¬ 
dees.  He  predicted  that  his  company  could 
stick  with  its  Version  7  system  through  the 
end  of  the  decade. 

“This  is  not  something  that’s  going  to  be 
replaced  next  year  with  a  Version  8,”  he 
said.“We  see  this  as  a  product  architecture 
with  legs.” 

One  customer  attending  Siebel’s  keynote 
said  he  appreciated  hearing  about  the 


company’s  plans  to  stick  with  its  Version  7 
architecture  for  the  foreseeable  future. 

“It’s  comforting  to  know  that  they’re  start¬ 
ing  to  stabilize,” said  Charles  Pierce,  director 
of  IT  for  GMAC  Insurances  General  Motors 
subsidiary  in  Winston-Salem,  N.C. 

GMAC  Insurance  has  been  a  Siebel  cus¬ 
tomer  for  two  years.  It’s  using  Version  6  and 
plans  to  upgrade  sometime  next  year. 


Siebel’s  software  has  worked  fine,  Pierce 
said,  although  he  questioned  the  rosy  tone 
of  CEO  Siebel’s  pitch  about  the  value  of 
Siebel’s  technology 

“It’s  not  quite  as  much  fun  as  what  he 
described,”  Pierce  said. 

IDG  News  Service  correspondent  Stacy 
Cowley  contributed  to  this  report. 


GE 

continued  from  page  27 

new  contract  for  every  major  business  unit 
on  five  continents. 

“GE’s  was  the  most  extensive  and  brutal 
technical  and  architectural  analysis  that 
we  have  ever  experienced,” Sparta  says.“GE 
is  an  equity  investor  in  Plateau, but  they  are 
also  an  investor  in  some  of  our  competi- 
tors.That  didn’t  help  us  at  all.” 

Plateau  4  provides  GE  with  one  platform 
for  scheduling,  managing  and  delivering 
e-learning  activities.  The  software  can  be 
used  to  manage  certification  training  and 
provide  ongoing  education  required  by 
regulated  industries. 

“We  have  been  operating  on  a  single  HR 
IS  platform  for  several  years,”  says  Bob 
Corcoran,  GE’s  chief  learning  officer  in  a 
statement.“By  interfacing  Plateau  with  this 
core  application  for  our  employee  infor¬ 
mation,  we  are  expanding  automation  in 
the  HR  processes  at  GE.” 

Plateau  4  uses  Oracle’s  software  as  its 
database  engine  and  integrates  with  Web 
server  software  from  BEA  Systems,  IBM  and 
Sun.  Architecturally  the  software  is  written 
in  Java  2  Platform  Enterprise  Edition  and 
has  built-in  support  for  Web  services.lt  sup¬ 
ports  such  network  standards  as  HTTP 
Secure-HTTP  and  Lightweight  Directory 
Access  Protocol. 

Designed  as  an  enterprisewide  applica¬ 
tion,  Plateau’s  software  integrates  with 
human-resource  applications  from  Oracle, 
FeopleSoft,  and  content  management  and 


■  ROFIL  PLATEAU  SYSTEMS 


Headquarters:  Arlington,  Va. 
Employees:  115 
Founded:  1996 

Financials:  Privately  held,  received 
$18  million  in  venture  financing  in 
March  2001 

Flagship  Product:  Plateau  LMS  4 

Competitors:  Saba  Software, 
Docent,  Pathlore  Software 


delivery  systems. 

More  companies  like  GE  are  deploying 
e-learning  management  systems  from  spe¬ 
cialty  vendors  such  as  Plateau, analysts  say 
Regulated  industries  such  as  pharmaceuti¬ 
cals,  chemical  manufacturing,  utilities  and 
government  are  among  the  early  adopters. 

Plateau’s  selection  by  GE  is  “a  blow  to  the 
big  powerhouse  vendors  —  FteopleSoft 
and  others  —  who  assumed  that  they 
could  just  assimilate  e-learning. . .  .But  that’s 
proving  much  harder  to  do,"  says  James 
Lundy  vice  president  and  research  director 
at  Gartner. 

The  market  for  learning  management  sys¬ 
tems  will  be  about  $2.75  billion  this  year, 
Lundy  says.  Gartner  had  previously  pre¬ 
dicted  that  large  ERP  vendors  would  have 
25%  of  this  market  by  2004. "But  that’s  not 
going  to  happen,"  he  says. They  now  have 
less  than  10%  market  share."* 


Managing 
Security  Software 

Can  Really  Make 
You  Hop! 


Take  one  step  instead.  And  discover  what  the  original  developers  of  Secure  Shell  did. 

Implementing  and  enforcing  new  security  policies  has  become  a  costly  challenge  for  all  corporate  IT  managers,  not  to  mention  the  continuous 
hunt  for  better  productivity  and  adaptability.  Unlike  traditional  approaches  -  network  level  security  or  application  level  security  alone  -  the  new 
SSH  Tectia'“  solution  enables  cost-effective  end-to-end  security  across  the  enterprise.  It’s  a  whole  new  suite  of  security  solutions  working  between 
the  applications  and  corporate  IT-infrastructure.  To  this  new  layer  of  security  software,  the  new  SSH  Tectia'“  offers  unsurpassed  scalability, 
adaptability  and  central  manageability  -  based  on  Secure  Shell  and  other  leading  technologies  from  SSH. 

Go  ahead  and  hop  over  to  www.tectia.com 
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Only  VERITAS  detects,  diagnoses,  and  corrects  performance  problems  from  application 
to  storage  array.  Stop  the  finger  pointing  by  pointing  your  browser  to  veritas.com 
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■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE  DEVELOPMENTS 


Internap  acquires  Sockeye,  netVmg 

Service  will  cater  to  sites  served  by  multiple  ISPs. 


■  TIM  GREENE 

Intemap  is  buying  two  makers  of  Internet 
route-optimization  appliances  in  an  effort 
to  extend  its  service-level  agreements  to 
cover  network  performance  from  cus¬ 
tomer  site  to  customer  site,  not  just  within 
Internaps  network. 

The  service  provider,  which  sells  high-reli¬ 
ability  high-performance  Internet  connec¬ 
tions  among  other  services,  has  an¬ 
nounced  that  it  plans  to  buy  Sockeye  Net¬ 
works,  which  sells  appliances  and  man¬ 
aged  services.  Internap  also  has  completed 
the  purchase  of  netVmg,  which  sells  similar 
route-optimization  appliances. 

Route-optimization  gear  chooses  the  best 
paths  for  Internet  traffic  to  take  at  customer 
sites  that  use  more  than  one  ISP  It  does  so 


■  North  American  service  providers 
will  spend  $48.9  billion  on  capital 
expenditures  this  year,  a  21%  reduc¬ 
tion  from  2002,  according  to  Info- 
netics  Research.  However,  service 
providers  will  increase  their  revenue 
by  about  1%,  bringing  their  capital 
expenditure-to-revenue  ratio  to  a 
“healthy”  14%,  according  to  the  firm. 
While  a  reduction  in  capital-expendi¬ 
ture  spending  generally  has  a  short¬ 
term  negative  effect  on  vendors  sell¬ 
ing  to  service  providers,  ratios  of 
about  15%  are  a  sign  of  financial 
health,  according  to  Infonetics. 

■  New  Edge  Networks  announced 
last  week  that  it  is  expanding  the  geo¬ 
graphic  reach  of  its  DSL  services.  The 
service  provider  inked  a  deal  with 
MCI  Wholesale  Services  that 
allows  New  Edge  to  offer  better  DSL 
service  coverage  in  75  markets  includ¬ 
ing  Chicago,  Fort  Worth,  Texas,  San 
Antonio,  Texas  and  Portland,  Ore.  New 
Edge  has  been  focused  on  offering 
DSL,  ATM  and  frame  relay  services 
to  business  users  in  rural  areas.  MCl's 
network  will  allow  the  service  provider 
to  better  reach  users  in  larger  cities. 


by  probing  to  see  how  well  each  ISP  is  per¬ 
forming  and  then  choosing  the  best  one, 
based  on  performance  and  cost.  Cus¬ 
tomers  might  want  the  best  performing 
link  regardless  of  cost,  or  they  might  settle 
for  a  poor-performing  connection  that  is 
inexpensive  if  performance  isn’t  crucial. 

Intemap  uses  similar  technology  in  its  ISP 
network.  Rather  than  connecting  cus¬ 
tomers  to  Internet  network  access  points 
(NAP), the  company  connects  them  to  any 
of  a  dozen  or  so  service  provider  networks 
that  make  up  the  core  of  the  Internet. 

These  connections  are  made  at  32 
Intemap  points  of  presence  called  private 
NAPs  (P-NAP)  that  monitor  how  well  each 
core-network  provider’s  network  is  per¬ 
forming  and  funnels  traffic  to  the  one  per¬ 
forming  best.  Intemap  offers  SLAs  for  avail¬ 
ability,  delay  and  jitter  between  P-NAPs. 
Adding  netVmg  and  Sockeye  equipment  to 
its  technology  will  let  Internap  extend  its 
SLAs  beyond  the  P-NAPs  to  customer  sites. 

Internap  says  it  will  continue  to  support 
Sockeye  customers  that  buy  its  managed 
GlobalRoute  service  supported  by  Sockeye 
gear,  but  over  time  will  replace  it  with  its 
own  service  that  is  based  on  netVmg’s 
Flow  Control  appliance.The  plan  is  to  inte¬ 
grate  features  of  netVmg  and  Sockeye  plat¬ 
forms  into  one  customer  premises  equip- 


■  BY  JIM  DUFFY 

Start-up  Rev  D  Networks  last  week  un¬ 
veiled  products  that  are  designed  to  let 
users  access  traditional  voice  services 
from  a  broadband  infrastructure. 

The  company  rolled  out  Calling  Services 
Node  (CSN),  a  platform  for  corporations 
and  service  providers  that  is  intended  to  in¬ 
tegrate  the  calling  features  of  wireline,  wire¬ 
less  and  voice-over-lP  (VoIP)  networks  so 
users  can  access  those  features  as  if  they 
were  all  on  one  network.  CSN  intercepts 
and  manipulates  service  signaling  from  the 
separate  networks,  yet  requires  no  replace¬ 
ment  of  the  service  and  control  elements 
in  those  networks. 

CSN  runs  on  Sun  servers.  It  lets  users  cre¬ 
ate  “calling  communities”  by  storing  a  re¬ 
pository  of  information  on  members  of 
these  groups,  along  with  the  policies  and 


Why  buy  two? 

Internap  bought  two  makers  of 
route-optimization  appliances  — 
NetVmg  and  Sockeye  —  for  their 
development  teams  and  features 
each  offers: 

NetVmg: 

•  Historical  traffic  monitoring. 

•  Knowledge  of  optimizing  routing  for 
inbound  traffic. 

•  Platform  is  better  suited  to  supporting 
new  features. 

Sockeye: 

•  Network  performance  monitoring 
capabilities. 

•  User-interface  software  and 
reporting  platform. 

•  Customer  base  and  knowledge  of 
managed  service  delivery. 


ment  (CPE)  appliance  and  incorporate 
those  features  with  Internap’s  intelligent 
route-control  platform  called  Assimilator. 

Intemap  says  it  plans  to  add  CPE-based 
managed  security  services  to  its  offerings 


methods  that  govern  how  those  members 
interact  with  each  other  and  people  out¬ 
side  the  groups. 

Community  interaction  is  controlled 
through  call-request  or  call-announcement 
software  that  can  be  launched  from  any  IP 
or  desktop  application.  CSN  maps  the  re¬ 
quest  or  announcement  to  the  signaling  of 
any  service  network,  be  it  the  public 
switched  telephone  network  (PSTN),  wire¬ 
less  or  VoIP  Rev  D  officials  say 

CSN  also  can  reroute  calls  placed  on  one 
network  to  terminate  on  another,  or  send 
e-mail  or  instant-messaging  alerts  about  in¬ 
coming  voice  calls. 

“They  have  reconceptualized  voice  ser¬ 
vices  for  a  data-driven  network,”  says  Thom¬ 
as  Nolle,  president  of  consultancy  CIM1. 
“The  carriers  can  use  the  PSTN  to  place  the 
low-value  local  calls  and  use  the  broad¬ 
band  loop  to  place  the  high-value  calls 


and  will  base  that  on  either  a  single  hard¬ 
ware  platform  that  it  would  develop  or  on 
a  rack  of  separate  appliances. 

Whether  Internap  effectively  can  coordi¬ 
nate  its  development  team  with  those  of 
netVmg  and  Sockeye,  given  that  they  are 
based  in  Florida,  California  and  Massachu¬ 
setts,  respectively,  remains  to  be  seen,  says 
Jennifer  Liscom,an  analyst  with  Gartner. 

RackMycom,  a  St.  Louis  application  ser¬ 
vice  hosting  provider,  uses  netVmg  gear  to 
divide  its  traffic  onto  the  IP  networks  of 
three  service  providers,  says  Mike  Palmer, 
CTO  at  RackMy.com.  He  worries  that 
Intemap  might  pull  the  netVmg  gear  from 
the  market  and  make  it  available  only  to 
Intemap  managed-service  customers,  leav¬ 
ing  him  to  look  for  another  vendor.  In¬ 
ternap  says  it  doesn’t  plan  to  do  that. 

“We  use  the  platform  to  create  a  high-per¬ 
formance  network.  We  want  our  customers 
to  get  out  of  our  network  as  fast  as  possible 
and  on  to  their  destinations,”  Palmer  says. 

Intemap  bought  netVmg  for  stock  and 
required  netVmg  to  reduce  its  debt  by  $3.9 
million.  Internap  plans  to  buy  Sockeye  for 
$1.75  million. 

Sockeye  charges  monthly  rates  starting  at 
$5,000  per  location  for  its  appliance  and 
service.  Intemap  has  not  announced  pric¬ 
ing  for  its  planned  service.  ■ 


with  special  service  signaling.  It  facilitates 
the  migration  to  VoIP  by  giving  them  a  way 
to  groom  the  traffic"  without  the  added 
expense  of  new  infrastructure  or  switching 
costs. 

With  these  capabilities,  service  providers 
can  create  a  service  bundle  that’s  “more 
than  a  bag  of  groceries,”  Rev  D  officials  say. 
A  bundle  now  could  be  used  as  a  vehicle 
to  add  features  and  create  a  bridge  to 
migrate  users  from  one  service,  such  as 
PSTN  telephony  to  another,  such  as  VoIP 

Bell  Canada,  which  spun  off  Rev  D  in 
January,  has  used  CSN  for  two  years  in  a 
call-center  application. 

The  product  also  has  quietly  managed 
multi-network  call  control  in  enterprise 
accounts  since  2000,  company  officials 
say.  The  deployments  were  kept  hush- 
hush,  ostensibly  to  prepare  for  last  week’s 
commercial  launch.* * 


Platform  mixes  wireline,  wireless,  VoIP 


Can  you  see  it? 


Middleware  is  Everywhere 
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MIDDLEWARE.  It's  what  on  demand  business  demands. 
And  middleware  is  IBM  software  like  DB2?  Lotus?  Rational® 
and  WebSphere®  that  develops,  integrates  and  manages  your 
applications  and  systems.  Everything  is  efficient.  Seamless. 
Across  the  board.  Across  platforms.  Microsoft.®  Oracle.  Sun. 
You  name  it.  IBM’s  open  middleware  can  connect  it.  It’s  instant 
business  benefit.  Instant  customer  satisfaction.  On  demand, 
(©business  on  demand™  Go  to  ibm.com/software/integrate 


1.  Instantly  admitting  patient. 

2.  Immediately  processing  claim. 

3.  Automatically  approving  procedure 

4.  Constantly  tracking  treatment. 

5.  Directly  assessing  costs. 


113M  DB2  Lulus,  WebSphere,  the  e-business  logoanrfeEbiisin^>dn  demand  are  registered  trademarks  or  tr.iJemarksof  International  Business  Machines  Corporation  in  the  United  States 

ii<rt||i^MiijetnaliorlarBusin6ss  Machines  Coiporatl?#ijjjttd Rational  Spl^i^CoiJ»pration  wtH»Ui>^’4Si*^'  (Mhac  countries  or  f|nl(Ljffit|liji[^ 
is  a  registered  trademark  of  Microsoft  Corporation  the  United  States  and/or  other  cduptrif  Other  company,  product  and  service  names  may  be  trademarks'  or  service  marks  of 


others  f  2003  IBM  Corporation.  Alt  rights  reserved 
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The  switch  that  adapts 
to  any  environment. 

And  always  will. 


Introducing  the  Matrix™  N-Series 

Scalability  and  security  adapted  to  your  enterprise. 


Because  your  needs  change  so  often,  you 
need  a  switch  that  can  keep  up.  That’s  the 
revolutionary  new  Matrix  N-Series.  Thanks 
to  an  exclusive  distributed  architecture — 
where  all  switching  and  control  functions 
reside  on  each  module — the  N-Series  lets 
you  cost-effectively  add  bandwidth,  users  and 
applications  on  the  fly.  And  no  other  switch 
offers  such  a  low  entry  cost. 

A  wide  range  of  secure  connectivity 
options  means  the  Matrix  N-Series  will 
scale  to  support  converged  applications 


like  video  streaming,  VoIP  and  more  without 
expensive  upgrades.  With  unsurpassed 
reliability,  flexibility  and  investment 
protection,  the  N-Series*is  a  key  component 
to  any  Business-Driven  Network .  ™ 

Now  and  always. 

For  a  FREE  whitepaper  on  the  Matrix 
N-Series  and  Multilayer  Packet  Classification, 
go  to  enterasys.com/nw/n-series 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


My  recent  column  on  the  music  in¬ 
dustry’s  attempts  to  strong-arm  tele¬ 
phone  companies  into  monitoring 
their  customers  sparked  a  lot  of  feedback, 
virtually  all  positive  (including  comments 
from  artists  and  musicians).  The  one  dis¬ 
senting  e-mail  —  predictably  from  some 
one  in  the  media  industry  —  raised  an 
important  issue,  however. 

“The  [Recording  Industry  Association  of 
America]  is  not  asking  telcos  to  ‘monitor’ 
their  customers,  they  are  simply  asking 
them,  under  the  rights  granted  them  under 
the  Digital  Millennium  Copyright  Act 
(DMCA),  to  forward  ‘take-down’  notices  to 
customers  that  are  potentially  infringing 
copyrights,"  the  author  writes. 

He  might  not  realize  it  (many  folks 
don’t),  but  complying  with  a  “take-down” 
order  puts  telcos  in  opposition  to  50  years 
of  established  telecommunications  law 
and  practice.  Telcos  have  to  oppose  the 
RIAAs  request  —  or  accept  a  fundamental 
re-definition  of  the  concept  of  a  “service 
provider” 

The  authors  of  the  DMCA  (under  which 
the  R1AA  bases  its  actions)  seem  to  view 
the  Internet  as  a  privilege, not  a  right,  which 
can  be  taken  away  if  it’s  abused.  Hence, 
their  response  to  fears  about  copyright  in¬ 
fringement  is  to  require  telcos  to  discon¬ 
nect  offending  users. 

That  seems  fair, but  it’s  in  stark  contrast  to 
the  established  view,  which  holds  that  com¬ 
munications  is  a  right,  not  a  privilege,  and 
cannot  be  taken  away  from  users  —  even 
as  punishment  for  criminal  behavior. 

In  other  words,  as  common  carriers  there 
are  two  things  telcos  can’t  do:  They  can’t 
decline  to  provide  service  to  their  cus¬ 
tomers,  even  in  retaliation  for  criminal 
abuse  of  their  services.  And  they  can’t  lis¬ 
ten  in  on  their  customers’  conversations 
without  a  warrant.  (Note  that  warrants,  un¬ 
like  the  subpoenas  obtained  by  the  RIAA, 
require  evidence  that  a  crime  has  been 
committed.) 

The  RIAAs  take-down  request  requires 
one  or  the  other.  Specifically,  a  take-down 
request  details  that  “limited  liability  pro¬ 
viders”  (as  telcos  are  defined  under  the 
DMCA)  must  “expeditiously  remove  or  dis¬ 
able  access  to  the  offending  material.” 

The  problem  is  the  telcos  aren’t  provid¬ 
ing  the  “offending  material" —  other  users 
are.  So  there  are  only  two  ways  for  telcos  to 
comply  with  the  request: They  can  discon¬ 
nect  the  user  from  all  other  users;  or  they 
can  keep  the  user  connected  but  disallow 
the  transfer  of  “offending  material.”The  lat¬ 
ter  would  require  them  to  monitor  the  cus¬ 
tomer’s  traffic  and  refuse  to  carry  traffic 
containing  copyrighted  images. 

Either  one  is  presumably  acceptable  to 
the  RIAA,  which  seems  to  believe  that  the 


Law  and  Order:  Telecommunications  Unit 


right  to  protect  intellectual  property 
trumps  all  other  rights. 

Neither  one  is  acceptable  according  to 
telecommunications  law,  which  is  carefully 
crafted  and  tuned  over  the  years  to  bal¬ 


ance  multiple  rights,  including  freedom  of 
speech  and  freedom  from  unwarranted 
search.  And  some  of  us  —  even  those  who, 
like  me, support  intellectual  property  rights 
—  think  that  balance  is  a  good  thing. 


Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


DO  YOUR 
NETWORK  & 
APPLICATIONS 
GET  ALONG? 

Imagine 

no  compatibility  issues, 
no  conflicts. 


Like  family,  IP-based  enterprise  networks  and  their 
applications  should  rely  on  each  other.  But  living 
under  the  same  roof  doesn't  guarantee  harmony. 
And  that  discord  comes  at  a  high  cost.  F5  products 
bring  everyone  into  perfect 
agreement  by  creating  a 
Virtual  team  out  of  servers, 
applications,  WAN  links, 

data  centers,  security  devices  and  more  to  intelli¬ 
gently  deliver  information  over  any  IP  network. 

When  everyone  is  working  together,  you'll 
achieve  the  high  availability  performance  you 
need,  combined  with  an  efficient,  secure  network 
infrastructure  that  ensures  the  reliable  delivery  of 
Internet  traffic,  applications  or  Web  services — 
all  at  a  cost  you  can  afford. 

Imagine  harmony  that  produces  world-class 
performance.  To  learn  how,  download  our  free 
guide,  "Delivering  secure,  predictable  and  cost- 
effective  applications"  at  www.f5.com/atmnw. 

Or  call  800-916-7152. 
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Longer 
Battery  Life: 

Power-conserving 
technology 
enables  extended 
battery  life. 


High 
Performance: 

Extremely 
responsive  to  the 
most  demanding 
business 
applications 


The  Unwired  Office 

starts  here. 


The  promise  of  a  truly  wireless  workforce 
is  being  fulfilled.  Because  Intel®  Centrino™  mobile 
technology  delivers  unprecedented  levels  of 
mobility  for  your  users  and  easier  deployment 
for  you,  Intel  is  working  with  other  industry 
leaders  to  make  wireless  networking  not  only 
reliable*  but  secure.  And  Intel  continues  to 
work  closely  with  Cisco  to  extend  Intel  Centrino 
mobile  technology’s  ability  to  support 
enhanced  wireless  security  protocols.*  Mow 
you  can  do  something  the  whole  office 
will  thank  you  for.  Unwire,  For  ail  the  details* 
go  to  intel.com/unwire. 


in y 

©2003  Intel  Corporation.  Intel.  Intel  Inside  and  the  Intel  Centrino  logo  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States 
and  other  countries.  Other  names  and  brands  may  be  claimed  as  the  property  ot  others.  All  rights  reserved.  System  performance,  battery  life,  wireless 
performance  and  functionality  will  vary  depending  on  your  specific  hardware  and  software  configurations.  See  http: '/www.intel  com products/centrino/more.  info 
for  more  information.  ‘Some  security  solutions  may  not  be  supported  by  your  PC  manufacturer.  Check  with  your  PC  manufacturer  for  details  on  availability 
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Nokia  Mobile  Connecnv.^ 
solutions ...  and  it  teeis  g 
exclaims  Mary  Langer, 
office  manager. 
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Secure,  thought  of  a  real  breakthrt 

Reliable,  their  working  lives. 
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Introducing  a  new  era  of  secure,  corporate  business  freedom  ‘ 
and  flexibility  —  Nokia  Mobile  Connectivity  solutions. 


Employees  throughout  an  enterprise  want  to  be 
more  mobile  and  productive  —  and  this  can  be 
realized  thanks  to  Nokia  Mobile  Connectivity  solutions. 
CIOs  and  IT  managers  can  provide  the  mobility  and 
security  of  anytime,  anywhere  access  to  users  — 
while  empowering  everyone  from  the  CEO  to  field 
salesforce  teams  with  the  information  needed  to  do 
their  work  where  and  when  they  choose.  Nokia 
Mobile  Connectivity  solutions  include  a  range  of  IPSec- 
and  SSL-based  client  and  gateway  products  that 


NOKIA 

Connecting  People 


provide  secure,  appropriate  access  to  corporate 
email  and  applications.  Enterprises  will  discover  new 
levels  of  efficiency  from  their  workforce,  while 
giving  them  greater  freedom  to  manage  their  business 
and  personal  lives.  All  solutions  are  easy  to  deploy 
and  manage,  are  based  on  award-winning  technology 
and  are  backed  by  Global  Support  and  Services. 

So  if  you  want  greater  working  freedom  that’s  IT 
approved,  go  ahead  and  escape. 
Visitvwvw.nokia.com/mobileaccess/americas 
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■  PRODUCTS,  SERVICES  AND  STRATEGIES 
FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Microsoft  SBS  2003  suits  small  offices 


■  BY  JAMES  GASKIN 

The  old  saying, “third  times  a  charm”  def¬ 
initely  applies  to  Microsoft’s  Small  Business 
Server  2003.  Released  last  week,  SBS  2003  is 
a  polished  and  well-designed  product  that 
will  satisfy  the  needs  of  small  offices  with 
multiple  PCs  but  no  central  file  server  or  IT 
support. 

Expanding  on  SBS  systems  built  on 
Windows  NT  and  2000, 

SBS  2003  comes  in  two 
editions:  Standard  and 
Premium.  The  Standard 
Edition  includes  file  and 
print  services,  Internet 
Information  Server,  Web 
and  portal  services,  and  Exchange  Server 
2003.  The  Premium  Edition  adds  SQL 
Server  2000,  the  Internet  Security  and 
Acceleration  server  and  Office  FrontPage 
2003.  Pricing  starts  at  $500  and  $1,500, 
respectively  including  five  client  licenses. 

Many  server  appliance  vendors  aim  to 
make  their  products  easy  for  non-technical 
users  to  run,  with  varying  success.  But 
Microsoft  achieves  ease  of  use  two  ways. 
First,  hardware  vendors  such  as  Dell  and 
HP  will  preinstall  the  software  on  their 
servers,  so  users  need  only  configure  their 
network  details.  Second,  the  installation  is 
wizard-based,  producing  a  workable  de 
fault  configuration  in  nearly  every  case. 


We  tested  the  product  two  ways,  once 
with  it  preinstalled  and  once  from  scratch. 
We  received  an  HP  Server  TC2 120  with  the 
final  beta  software  preinstalled.  Config¬ 
uration  consisted  of  details  for  network 
addressing  and  connecting  to  our  cable 
modem.  Installation  went  quickly 

When  the  official  SBS  2003  software 
became  available,  we  installed  it  onto  an 
existing  server.  After  about  an  hour  of  han¬ 
dling  Windows  installa¬ 
tion  details,  we  reached 
the  same  To  Do  List 
screen  for  configuring 
the  software  as  we  did 
with  the  pre-installed 
version. 

Microsoft  includes  a  poster-sized  Quick 
Start  Guide  with  space  to  jot  down  pre¬ 
installation  information.  The  guide  was 
remarkably  clear,  even  when  handling  mul¬ 
tiple  options  and  explaining  technical  con¬ 
cepts  such  as  disk  partitioning. 

We  liked  the  To  Do  List  screen,  located  in 
server  management  utilities.  It  provides 
necessary  configuration  steps,  along  with  a 
button  to  click  for  context-sensitive  help. 
Each  step  opens  a  wizard  to  help  complete 
the  task  and  a  Done  box  you  can  check 
when  finished.  You  also  can  access  the  To 
Do  List  from  the  management  screen  for 
configuration  help  as  needed. 

Basic  file  and  print  services  for  client  PCs 
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Takes 


■  The  number  of  full-time  telecom¬ 
muters  has  doubled  since  2000, 
according  to  a  new  Meta  Group 
report,  “Teleworkers:  An  Emerging 
Minority."  Add  to  this  teleworkers  who 
spend  more  than  half  their  time  work¬ 
ing  outside  the  office,  and  the  num¬ 
bers  become  “staggering."  Although 
the  report  urges  businesses  to  con¬ 
sider  the  needs  of  teleworkers  when 
crafting  an  IT  strategy,  today  90%  of 
companies  still  provide  remote  access 
via  dial-up  connections.  But  by  2004, 
the  report  predicts  40%  of  global  2000 
companies  will  put  broadband  policies 
in  place  that  include  acceptable  use, 
payment  and  service-level  expecta¬ 
tions.  By  2006,  it  will  increase  to  60%. 


■  Panasonic  recently  announced  it 
has  developed  Kebab,  a  new  network 
protocol  aimed  at  easing  remote  con¬ 
nections  to  home  network  devices. 
Because  most  broadband  connec¬ 
tions  —  and  the  devices  connected  to 
the  home  network  —  rely  on  dynamic 
IP  addresses,  which  can  change,  cell 
phones  and  other  devices  outside  the 
home  can't  locate  them.  Using  Kebab, 
each  device  is  connected  to  a  central 
server  managed  by  Panasonic,  which 
keeps  a  map  of  each  device  and  its 
current  IP  address.  When  a  remote 
user  tries  to  access  a  home  device, 
the  Kebab  server  gives  the  current 
location  on  the  network.  Panasonic 
already  has  built  the  protocol  into  sev¬ 
eral  hard  disk-based  video  recorders, 
and  the  company  is  exploring  licens¬ 
ing  agreements  with  other  consumer 
electronics  manufacturers. 


are  handled  easily  using  Microsoft’s  stan¬ 
dard  network  processes.  Users  can  config¬ 
ure  private  storage  space  on  the  server;  and 
for  easy  centralized  data  backup,  the  server 
can  redirect  each  client’s  My  Documents 
folder  to  the  server.  Users  also  can  share 
information  via  Microsoft’s  SharePoint 
Services.  SharePoint  lets  you  access  docu¬ 
ment  libraries,  view  announcements, 
engage  in  threaded  discussions  and  link  to 
internal  and  external  resources. 

The  home  page  on  the  server  manage¬ 
ment  console  gathers  all  the  server  infor¬ 
mation.  Administration  relies  on  simple 
“click  to  configure”  options.  Users  familiar 
with  managing  a  Windows  peer-to-peer  net¬ 
work  will  have  no  trouble  configuring  user 
access  to  disk  shares  and  other  standard 
network  management  tasks. 

Despite  the  server’s  many  improvements, 
we  came  away  with  some  quibbles  and 
concerns.  For  one,  Microsoft  is  pushing  the 
product’s  remote-access  capabilities,  spec¬ 
ifically  Outlook  Web  Access  and  direct  con¬ 
nection  to  SBS  2003  across  the  Internet.  But 
the  documentation  doesn’t  ensure  users 
will  enable  them  securely  Important  details 
are  buried  in  the  Getting  Started  Guide 
appendix,  and  users  are  pushed  to  use  a 
Universal  Plug  and  Play  router,  ignorant  of 
the  security  problems  with  UPNP  devices. 
Before  setting  up  SBS  2003’s  remote-access 
features,  we  recommend  getting  help  from 
dealers  or  consultants. 

The  Windows  98  clients  we  tested  could¬ 
n’t  run  a  Remote  Network  Configuration 
Wizard  or  connect  to  SharePoint.  To  enjoy 
all  SBS  2003’s  benefits,  you  need  to 
upgrade  to  Win  2000  or  XP 

For  small  businesses,  the  Exchange  2003 
server  seems  like  overkill,  although  it  ran 
efficiently  It  lacks  direct  support  for  POP3 
clients,  forcing  Eudora  users  (for  example) 
to  move  to  Outlook  or  Outlook  Express  or 
use  a  Web  mail  option. 

While  static  IP  addresses  for  the  server 
and  other  PCs  are  supported  properly  the 
Dynamic  Host  Configuration  Protocol  serv¬ 
er  for  assigning  IP  addresses  to  client  com¬ 
puters  works  unusually. There  is  no  way  to 
specify  an  address  range  for  allocation, 
only  a  way  to  block  address  ranges. 

To  test  back-up  and  restore  capabilities, 
we  connected  a  Sony  StorStation  AIT-2  USB 
tape  back-up  drive.  However, SBS  2003  only 
recognized  an  earlier  Sony  AIT  drive. 
Although  SBS  2003  accepted  the  drive  and 
ran  a  backup  with  no  errors  listed,  it  didn’t 
read  the  restoration  files,  probably  because 
of  incompatibilities  between  the  old  and 


Net  Results 

Microsoft  Small 
Business  Server  2003 

OVERALL  RATING 

4.2 

Company:  Microsoft,  (888)  218-5617 
Cost:  $600forthe  standard  edition;  $1,500 
for  the  premium  edition.  Both  include  five 
user  licenses.  Pros:  Installation  is 
straightforward  for  a  product  with  multiple 
components;  SharePoint  collaboration  is 
easy  yet  powerful;  surprisingly  low  RAM 
requirements  provide  adequate  perfor¬ 
mance;  useful  monitoring  tools  and 
wizard-driven  configuration  in  the  man¬ 
agement  portal.  Cons:  DHCP  IP  address¬ 
ing  handled  poorly;  backup  reported  well 
but  couldn't  restore  from  tape. 


The  breakdown 

Manageability  25% 

4 

Features  25% 

4 

Ease  of  setup  20% 

5 

Documentation  20% 

4 

Reporting  tools  10% 

4 

TOTAL  SCORE 

4.2 

■  Scoring  Key:  5:  Exceptional;  4:  Very  good;  3: 
Average;  2:  Below  average;  1:  Consistently  subpar 


new  drivers.  IT  administrators  know  to  test 
restorations  before  trusting  a  tape  unit,  but 
non-technical  users  don’t.  SBS  2003  should 
have  reported  the  backup  wasn’t  viable. 

Last,  previous  SBS  editions  didn’t  have 
the  low-entry  cost,  but  client  licenses  cost 
less,  $60  rather  than  $100.  If  a  company 
adds  23  additional  users,  the  cost  advan¬ 
tage  is  gone  ($2,879  for  SBS  2000  vs.  $2,876 
for  SBS  2003).  Because  SBS  2003  can  han¬ 
dle  a  total  of  75  clients  expanding  on  the 
earlier  cap  of  50  users, you  can  pay  more  at 
the  end  even  if  you  start  out  paying  less.  But 
Microsoft  says  the  vast  majority  of  its  target 
audience  has  only  a  handful  of  clients  and 
will  therefore  see  a  substantial  decrease  in 
their  networking  costs,  yet  still  have  room 
to  grow. 

Gaskin  is  a  technology  writer  in  Dallas.  He 
can  be  reached  at  readers@gaskin.com. 

More  online! 

See  screen  shots  and 
more  information  about 
Microsoft  Small  Business 
Server  2003. 
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The  future's  more  affordable 
than  it  used  to  be. 

Time  to  bring  your  users  up 
to  Gigabit  speed. 


Gigabit  Ethernet. 

It's  not  just  for  the 
data  center  anymore. 

Advanced  silicon  and  Gigabit-ready  computers  have 
slashed  the  cost  of  future  proofing  your  workgroups. 
Right  now,  Gigabit  Ethernet  can  give  you  considerably 
more  bandwidth  for  the  buck  than  installing  10/100. 

Bring  your  users  up  to  Gigabit  speed — affordably — 
with  these  new  3Com®  switches: 


3Com  OfficeConnect*  Gigabit  Switch  5 


3Com  Baseline  Switch  2300 


3Com  SuperStack^  Switch  3800  Family 


3Com  OfficeConnect®  Gigabit  Switch  5  packs  five 
autosensing  10/100/1000  ports  and  traffic  prioriti¬ 
zation  into  a  small,  simple,  silent  device. 

3Com  Baseline  Switch  2800  models  deliver  full 
wirespeed  Gigabit  in  plug-and-play,  1RU  rack- 
mountable  units  that  don't  require  management. 

3Com  SuperStack®  Switch  3800  models  are 
managed  Layer  2  switches  with  prioritization,  link 
aggregation  and  fiber  port  options — plus  a 
powerful  management  application. 

That's  lots  of  desktop  Gigabit  for  not  a  lot  of 
money.  All  backed  by  3Com's  limited  lifetime 
warranty,  and  NBD  advance  hardware  replacement 
for  the  rack-mount  units. 


Visit  www.3com.com/gigabit/3hotspot 
to  find  out  more  about  3Com's  new  Gigabit 
switching  solutions. 
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■  AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


Session  controllers  join  H.323  and  SIP 


HOW  IT  WORKS 


Session  controllers 

Session  controllers  solve  the  problem  of  connecting 
diverse  VoIP  applications  by  letting  H.323  and  SIP  traffic 
endpoints  interoperate. 


Session  controller 
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Unified  messaging  server 


©  User  calls  a  SIP-based  unified-messaging  system  to  access  voice  mail.  The  H.323  IP  PBX  sends 
an  H.323  setup  message  to  the  session  controller. 
o  The  integrated  H.323  gatekeeper  determines  that  the  call  is  destined  for  a  SIP  endpoint  and 
forwards  the  setup  to  the  session  controller  for  translation. 

©  The  session  controller  translates  the  H.323  setup  into  the  corresponding  SIP  invite  message. 

©  The  session  controller’s  integrated  SIP  proxy  forwards  SIP  invite  to  the  unified-messaging  system. 

Response  messages  are  returned  via  the  same  signaling  path. 

©  If  the  call  is  successful,  Real-time  Transport  Protocol  (RTP)  traffic  is  passed  directly  between  the 
endpoints  or  via  the  firewall,  depending  on  security  policies  that  the  session  controller  provisions. 


■  BY  SRIDHAR  RAMACHANDRAN 

Deployment  of  voice-over-IP  endpoints, 
such  as  Session  Initiation  Protocol  phones 
and  H.323  IP  PBXs,  within  corporations  has 
presented  IT  with  new  interoperability 
challenges.  A  new  breed  of  network  equip¬ 
ment  called  session  controllers  offer 
H.323/SIP  interworking  to  solve  the  com¬ 
plexities  of  connecting  a  diverse  set  of  VoIP 
and  other  collaborative  applications. 

Although  H.323  and  SIP  address  similar 
requirements,  the  mechanics  of  how  they 
perform  call  setup,  media  negotiation  and 
call  tear-down  makes  them  incompatible 
and  prevents  direct  connectivity  between 
SIP  and  H.323  endpoints. 

That’s  where  a  session  controller  comes 
in.  A  session  controller  provides  services 
between  H.323  and  SIP  endpoints.  In 
effect,  this  hardware/software  combination 
operates  simultaneously  as  an  H.323  gate¬ 
keeper  and  SIP  proxy  server.  In  addition,  it 
provides  the  SIP/H.323  interworking  func¬ 
tion  that  enables  any-to-any  connectivity 
between  endpoints. 

The  H.323  gatekeeper  provides  address 
translation,  and  controls  access  to  the  net¬ 
work  for  H.323  endpoints.  The  SIP  proxy 
provides  the  primary  capabilities  required 
for  call-session  management  in  a  VoIP  net 
and  processes  SIP  requests  and  responses. 

H.323  endpoints  provide  real-time,  two- 
way  communications.  An  H.323  endpoint 
can  offer  speech  only;  speech  and  data; 
speech  and  video;  or  speech,  data  and 
video.  A  SIP  user  agent  is  equivalent  to  an 
H.323  endpoint. 

H.245  is  the  ITU-T  recommendation  that 
describes  how  H.323  endpoints  perform 
mode-switching  and  exchange  capabilities 


such  as  codec  support  via  the  terminal 
capability  set.  SIP  Session  Description  Pro¬ 
tocol  (SDP)  is  the  SIP  equivalent  to  H.245. 

When  calls  are  placed  between  an  H.323 
endpoint  and  an  SIP  user  agent,  logically 
the  session  controller  views  a  call  as  two 
call  legs  —  an  ingress  leg  terminating  on 


the  session  controller  and  an  egress  leg 
that  the  session  controller  generates.  The 
protocol  used  for  the  egress  call  leg  is 
determined  dynamically  and  is  triggered 
by  the  protocol  type  provisioned  for  the 
remote  destination. 

The  session  controller’s  interworking 


function  must  support  ail  mandatory  fea¬ 
tures  of  SIP  and  H.323  and  user  address¬ 
ing  (that  is,  phone  numbers)  must  be  pro¬ 
tocol-independent  with  common  registra¬ 
tion  paradigms  adhered  to. 

In  addition,  relevant  H.245  terminal-capa¬ 
bility-set  parameters  from  the  H.323  end¬ 
point  must  be  mapped  to  SDP  destined  for 
the  SIP  user  agent  and  vice  versa  so  that 
the  endpoints  can  convey  their  capabilities 
to  each  other.  In  this  way  the  session  con¬ 
troller  translates  the  messages  between  the 
two  protocol  sets. 

For  more-advanced  capabilities  such  as 
call  hold,  call  transfer  and  dual-tone  multi¬ 
frequency  (DTMF)  processing, session  con¬ 
trollers  must  translate  messages  and  also 
bridge  between  the  protocol  sets  to  pro¬ 
vide  total  seamlessness. 

Low  bit-rate  codecs,  such  as  G.723.1,  ren¬ 
der  DTMF  tones  unintelligible  and  require 
the  use  of  specially  marked  Real-time 
Transport  Protocol  (RTP)  packets  such  as 
RFC  2833  or  out-of-band  methods  to  carry 
DTMF  information. 

RFC  2833  uses  the  RTP  stream  to  carry 
DTMF  data  and  is  the  transport  method  of 
choice  if  the  SIP  user  agent  and  H.323  end¬ 
point  support  it. 

By  resolving  the  signaling  conflict  be¬ 
tween  H.323  and  SIP  using  session  con¬ 
trollers,  companies  successfully  can  deploy 
cost-effective,  H.323-based  IP  PBXs  while 
building  toward  an  SIP-based  applications 
architecture.  Session  controllers  provide  IT 
managers  with  an  off-the-shelf  solution  that 
provides  H.323/SIP  interworking  functions. 

Rarnachandran  is  co-founder  and  CTO 
of  NexTone  Communications.  He  can  be 
reached  at  sridhar@nextone.com. 


Dr.  Internet  By  Steve  Blass 

Our  online  workstation-inventory  form  records 
information  about  workstations  when  we  make 
desktop  service  calls.  We  want  to  automate  the 
form  submission  so  technicians  can  update  the 
inventory  with  a  button-click.  We  want  to  use 
a  Java  applet,  but  it  is  difficult  to  read  the  sys¬ 
tem-level  configuration  information  we  want  to 
record  from  the  browser  applet.  Do  we  have  to 
provide  downloadable  executables  for  each 
platform? 


Try  repackaging  the  applet  as  an  application  and 
deliver  it  to  the  workstation  via  a  Web  site  link. 
You  can  get  the  basic  system  properties  object 
—  call  it  p  —  with  the  System. getProperties() 
call  and  then  use  a  call  to  p.list()  to  retrieve  the 
properties  list.  Collect  the  network  configuration 
information  through  the  InetAddress  class  by 
starting  with  InetAddress. getLocalHost()  to  get 
the  primary  IP  address.  Any  secondary  address¬ 
es  can  be  obtained  by  calling 
InetAddress.getAilBy 


Name  on  the  result  returned  by  InetAddress.get 
LocalHost().GetHostName().  After  gathering  the 
inventory  information  and  formatting  your  mes¬ 
sage  for  posting  to  the  Web  server,  establish  a 
URL  connection  to  the  Web  server  form,  open 
your  output  stream  to  the  URL  connection  and 
post  the  inventory  update  message  to  the  server. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 
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GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 


Last  week  we  discussed  the  D-Link  DCS- 
1000W  Air  2.4-GHz  wireless  network 
Internet  camera  (www.nwfusion. 
com,  DocFinder  8026),  a  terrific  wireless 
Webcam  system  priced  at  around  $300. 

And  hot  on  its  heels  we  received  a  new 
wireless  video  camera  from  Linksys.  This 
product  is  the  WVC1  IB  Wireless-B  Internet 
Video  Camera  (details  at  DocFinder: 8027), 
also  offering  802.11b,  or  10/100M  bit/sec 
Ethernet  connections.  The  Linksys  camera 
is  similar  in  features  and  slightly  less  expen¬ 
sive  than  the  D-Link  model  with  a  retail 
price  of  about  $230. 

Setting  up  the  camera  is  simple.  There 
are  a  number  of  setup  options,  including 
resolution  (the  maximum  screen  size 
supported  is  half  VGA,  or  320  by  240  pix¬ 
els),  image  quality,  automatic  or  manual 
brightness,  and  RGB  color  correction. 

The  frame  rate  is  set  automatically  by 
the  camera,  depending  on  the  number  of 
clients.  But  despite  our  tweaking,  the 
image  quality  of  the  WVC11B  was  not 


YAIPVC  (yet  another  IP-enabled  video  camera) 


quite  as  sharp  as  it  was  on  the  D-Link 
camera. 

You  also  can  enable  time-stamping  and 
set  a  title  (such  as  “Office  Camera”)  to  be 
displayed  on  the  image.  These  captions 
work  but  don’t  render  very  clearly  in  the 
video  output. 

You  can  watch  and  save  the  video  stream 
using  the  supplied  view-and-record  utility, 
although  we  found  the  software  to  be  flaky 
After  working  fine  for  some  hours  it  sud¬ 
denly  wouldn’t  access  the  camera,  claim¬ 
ing  that  the  name  or  password  was  incor¬ 
rect.  In  the  end  we  deleted  the  camera 
entry  from  the  utility  and  added  it  again, 
after  which  it  worked. 

The  utility’s  recording  functions  let  you 
record  ad  hoc  or  set  up  schedules  for  mul¬ 
tiple  cameras  for  simultaneous  recording. 
The  video  is  saved  in  ASF  format  so  you 
will  need  Microsoft  Media  Player  7  or 
above  to  view  the  content. 

The  other  way  to  view  camera  output  is 
from  the  camera’s  built-in  Web  server  using 
Internet  Explorer  5.5  or  above.  Explorer  is 
required  because  the  video  data  is  han¬ 
dled  by  a  Windows  OCX  control  that  is 
downloaded  and  installed  on  first  access. 
According  to  the  documentation,  up  to 
four  users  can  simultaneously  view  the 


video  stream. 

The  camera  also  has  Linksys’  SoloLink 
Dynamic  DNS  service  built  in.  With  DDNS 
service  you  can  make  the  camera  accessi¬ 
ble  by  name  even  if  your  ISP-assigned  IP 
address  is  not  static. 

This  service  costs  $19.95  per  year,  which 
seems  expensive  when  you  can  get  an 
equivalent  service  for  free  without  much 
effort. 

WVCllB’s  advanced  features  let  you  en¬ 
able  movement  detection  and  reporting. 
When  movement  is  detected  a  report  is 
e-mailed  to  whatever  address  you  require 
with  an  ASF  file  showing  what  triggered  the 
report.  The  documentation  warns  that 
detection  can  be  triggered  by  light-level 
changes  so  pointing  the  camera  at  an  out¬ 
door  scene  could  cause  more  triggers  than 
you’d  like. 

This  feature  is  actually  useless  because 
light  changes  occur  indoors.  The  camera 
should  compensate  for  light-level  changes 
and  detect  scene  changes  more  accurately 
for  this  feature  to  be  useful  in  all  but  the 
most  limited  circumstances  (for  example, 
monitoring  an  artificially  lit  corridor). 

We  tried  for  about  an  hour  to  get  the 
e-mail  reports  sent  via  our  local  mail 
server.  Despite  several  resets  we  didn’t  have 


any  luck,  but  then  for  no  apparent  reason 
they  started  working!  The  camera  also  can 
be  enabled  for  Universal  Plug  and  Play, but 
we  still  can’t  get  that  to  work. 

We  called  Linksys  technical  support. 
What  a  joke!  The  first  technician  gave  up 
and  hung  up  on  us,  and  the  second  was 
totally  inept  (and  not  very  well-spoken, 
using  the  phrase  “it  ain’t  working”  without 
any  apparent  intention  of  being  funny). 

As  with  the  D-Link  camera  we  discussed 
last  week,  you  can  define  users  and  pass¬ 
words.  But,  as  with  the  D-Link  system,  there 
is  no  support  or  information  on  how  to  use 
the  client-side  viewing  software  in  your 
own  Web  page  —  it  appears  to  be  limited 
to  the  default  page  from  the  camera. 

This  leads  us  to  wonder  why  so  many 
products  of  this  type  seem  to  ignore  the 
need  for  customization  so  that  the  end 
user  can  be  presented  with  a  look  and  feel 
that  is  appropriate  to  the  application. 
Answers  on  a  postcard  please. 

Overall,  the  WVC11B  Wireless-B  Internet 
Video  Camera  is  good  but  needs  a  lot  of 
polishing  to  get  a  higher  rating. Oh, and  per¬ 
haps  technical  support  could  be  a  little 
better  trained. 

Your  views  to  gearhead@gibbs.com. 


Cool 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


New  Sharp  notebook  includes  auto-backup 

Sharp  Systems  of  America  last  week  launched  a  note¬ 
book  geared  to  small  and  midsize  business  users  that 
includes  automatic  synchronization  and  back-up 
capabilities.  _ 

The  Actius  MC22  ($1,400) 
includes  DirectHD  and 
SharpSync  technology, 
which  lets  users  back  up 
the  notebook  data  to 
another  PC  through  a  USB 
connection.  When  the 
notebook  is  plugged  into 
a  PC,  the  SharpSync  tech¬ 
nology  synchronizes  fol¬ 
ders  between  comput¬ 
ers,  making  sure  that  the 
lei',  s’,  version  of  each 


L''.  rr>C2‘2  includes 

trm!  f  itiM  backup 
to  6*.  Vhsi  PC. 


file  is  on  both  machines.  Until  recently  the  technology  was 
available  only  on  Sharp’s  ultraportable  Actius  MM  10 
model.  DirectHD  technology  lets  the  primary  PC  view  the 
notebook  as  an  external  hard  drive. 

The  MC22  includes  an  AMD  Athlon  XP-M  processor 
2200+,  256M  bytes  of  double-data-rate  SDRAM  (upgrade- 
able  to  768M  bytes),  a  40G-byte  hard  drive,  integrated 
802.1  lg  wireless,  integrated  10/100  Ethernet,  V.90  fax 
modem  and  Windows  XP  Home  Edition. 

Other  features  include  a  CD-R/RW/DVD  combination 
drive,  a  12.1-inch  LCD  screen  and  5.1-channel  surround- 
sound  support. 

For  more  information,  go  to  http://sharp.smartermall. 
com). 


New  iPaqs,  GPS  receiver 
from  HP 

HP  this  week  is  expected  to 
announce  two  new  iPaq 
Fbcket  PC  handheld  PDAs,  the 
h4350  and  h4 150.  The  h4150 
includes  integrated  802.11b 
and  Bluetooth  wireless  con¬ 
nectivity  in  a  very  thin  and  light 
form. The  h4350  has  an  integrat¬ 
ed,  backlit  keyboard  for  easier 
text  input  and  integrated  wire¬ 
less  connectivity 
The  h4 150  will  be  priced  at 
$450  and  can  be  ordered  now 
online  via  HP’s  Web  site.  The 
h4350  will  cost  $500  and  is 
expected  to  be  available  next 
month. 

Both  devices  include  a  Secure 
Digital  I/O  slot  to  add  peripherals 
such  as  memory  cards,  wireless 
connectivity  cards  and  a  digital 


camera  (the  HP  Photosmart  Mobile  Camera). Both  devices 
also  include  64M  bytes  of  RAM  (56M  bytes  available  to 
users),  and  a  400-MHz  xScale  processor. 

Security  features  on  both  handhelds  include  support  for 
VPN  and  Wired  Equivalent  Privacy,  as  well  as  wireless  sup¬ 
port  for  Lightweight  Extensible  Authentication  Protocol 
and  802.  IX. 

The  company  also  launched  the  HP  iP&q  Navigation 
System,  a  global-positioning-system  receiver  that  connects 
to  an  iPaq  to  provide  in-vehicle  navigation. 

The  system  includes  Navtech  map  data,  and  a  database 
with  more  than  1  million  entries  that* can  direct  users  to 
restaurants,  hotels  and  gas  stations,  among  other  “points  of 
interest,”  HP  says. 


Vendors  pony  up  802.1 1g  USB  adapters 

Several  companies  in  recent  weeks  have  come  out 
with  the  final  link  in  the  802.1  lg  chain:  USB  adapters. 

Early  802.1  lg  adapters  included  the 
PC  Card  form  factor,  as  well  as 
Ethernet  adapters  that  could 
connect  Ethernet-port- 
enabled  equipment, 
such  as  game  consoles, 
stereo  equipment  and 
laptops.  Now  come  USB 
adapters,  which  let  you 
connect  older  desk¬ 
tops  to  an  802.1  lg  net¬ 
work. 


D-Link’s  USB  wireless  802.1  lg 
adapter  is  one  of  many  new  USB 
offerings. 


Buffalo  Technology  (WU-USB4354,  $100),  D-Link  (DWL- 
G 150,  $80)  Netgear  (WG121,$70)  and  Linksys  (WUSB54G, 
$120)  have  announced  the  new  adapters. 

Now  you  have  no  excuse  not  to  install  an  802.1  lg  net¬ 
work  within  your  home  or  home  office  because  every  type 
of  device  is  covered  you’d  want  to  connect  to  the  network. 


Shaw  can  be  reached  at  kshaw@nww.com. 


THE  BEST  OVERALL  GRADE  FROM 
PC  MAGAZINE  BELONGS  TO  DELL 


For  the  12th  time  in  13  years,  Dell  has  earned  an  A  or  A+  for  service  and  reliability  while  the  second  closest  major  competitor  scored  only  a  C+. 
Dell's™  OptiPlex  desktop  delivers  what  today's  business  needs:  the  stability,  reliability  and  manageability  that  helps  lower  TCO.  The  OptiPlex  mainstream 
line  of  desktops  feature  Intel®  Pentium®  4  Processors  with  HT  technology.  With  that  you  get  an  integrated  Gigabit  network  connection  as  well  as  Dell’s 
expert  service  and  reliability.  All  in  all,  the  OptiPlex  gives  you  the  best  value  for  upgrading  your  corporate  PC  environment.  Find  out  how  the  Dell  OptiPlex 
can  be  part  of  a  total  managed  services  solution  for  your  corporate  business  team.  Call  1-877-432-DELL  or  visit  www.dell.com/bizpc  today. 


SMALL  SIZE  without  COMPROMISE 


Chassis  size  5.1  Liters  7.3  liters 

Chassis  weight  8  lbs.  15.4  lbs. 


Best  in  class  corporate  desktops  Easy  as 
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EDITORIAL 

Jeff  Caruso 

Carriers  go 
bonkers  over 
bundling 

You  know  those  service  bundles  that  service 

providers  offer  to  small  businesses  and  individuals? 
To  hear  top  carrier  executives  tell  it,  bundling  is  the 
hottest  thing  since  touch-tone.  It  not  only  helps  bring  in 
new  business,  it  also  reduces  customer  churn. 

At  a  recent  Goldman  Sachs  conference  in  New  York,  carri¬ 
ers  boasted  that  the  bundles  —  which  combine  unlimited 
long-distance,  iocal  calling  and  data  services  at  discounted 
rates  —  increase  revenue  for  each  account. 

“When  you  do  the  pluses  and  minuses  on  this,  we  are 
getting  more  revenue  per  customer,” said  Lawrence 
Babbio, Verizon  vice  chairman  and  president. 

Whether  customers  are  turning  to  the  plans  to  consoli¬ 
date  services  and  billing  or  simply  looking  for  discounts, 
small  businesses  and  consumers  are,  on  average, spend¬ 
ing  more  with  a  single  service  provider  rather  than 
spreading  the  funds  among  several. 

Interestingly,  these  packages  seem  to  engender  cus¬ 
tomer  loyalty.  As  BellSouth  Chairman  and  CEO  Duane 
Ackerman  said, “extended  customer  life  more  than  offsets 
bundle  discounts.” 

Ackerman  said  BellSouth  had  been  losing  small  busi¬ 
nesses  at  an  alarming  rate:  29,000  lines  per  month  in 
2001.  With  aggressive  customer  re-acquisition  efforts  and 
the  introduction  of  bundles  —  which  have  become  more 
attractive  because  BellSouth  now  offers  long-distance  — 
BellSouth  slowed  the  bleeding  to  3,000  lines  per  month  in 
the  first  half  of  this  year. 

AT&T  Chairman  and  CEO  Dave  Dorman  echoed  the 
sentiment  that  bundling  is  best.  He  said  bundling  helped 
increase  AT&T’s  local  voice  minutes  39%  in  the  second 
quarter  compared  with  the  same  period  last  year. 

The  one  detractor  was  Nextel  President  and  CEO  Tim 
Donahue,  who  said  he  wasn’t  tempted  to  bundle  his  com¬ 
pany’s  wireless  and  popular  push-to-talk  services  with 
landline  services.“Not  being  attached  to  a  telephone 
company  is  a  good  thing,”  he  said. 

However,  even  he  left  the  door  open  wfien  he  said  he 
might  be  open  to  bundling  possibilities. 

Bundling  seems  like  a  win-win  for  businesses  and  carri¬ 
ers  alike  —  the  carriers  increase  revenue  while  businesses 
get  discounts  and  the  ease  of  dealing  with  fewer 
providers.  As  for  which  of  the  carriers  wins  out,  while  con¬ 
ventional  wisdom  says  the  incumbent  local  exchange 
carriers  have  an  edge,  any  carrier  has  a  chance  to  suc- 
.  /  (•d  if  it  offers  the  best  bundle. 

■  real  test  will  come  if  (or  is  it  when?)  the  carriers 
to  see  just  how  loyal  customers  are  and  try  to  milk 
h  cow  by  raising  bundle  rates. 


—  Jeff  Caruso 
Managing  editor,  online  news 
jcaruso@nww.  com 


Spam  in  the  wild 

Your  test  of  anti-spam  tools  (www.nwfusion.com, 
DocFinder:  8025)  states: “Estimates  of  the  amount  of 
unwanted  email  range  from  40%  to  75%,  but  we  can 
give  you  an  exact  percentage  —  69%.  That’s  how 
much  spam  we  saw  during  the  month  of  June.” 
There  are  a  lot  of  unknowns  here.  What  e-mail 
addresses  were  included?  Are  these  publicly  adver¬ 
tised  addresses?  Was  any  blocking  of  known  open 
Simple  Mail  Transfer  Protocol  (SMTP)  relays  done? 

Spouting  numbers  like  this  just  leads  to  more  unin¬ 
formed  discussion  of  spam.  Blocking  known  open 
SMTP  relays  combined  with  “safe  e-mailing”  (not  giv¬ 
ing  my  e-mail  address  to  entities  unknown),  have 
kept  my  quantity  of  spam  down. 

Paul  Kraus 
System  architect 
Information  Management  Group 
Albany,  N.Y 

You  picked  a  poor  statistic  to  reflect  false  positives  in 
your  story  on  spam  filters.  The  caption  in  the  table 
on  page  40  describes  the  data  as  exactly  what  we 
need  to  know  about  false  positives:  “The  percentage 
of  non-spam  messages  that  are  marked  as  spam.” 
However,  in  the  box  on  page  44,  we  find  that  the 
numbers  in  the  table  are  not  as  just  defined.This  box 
tells  us  that  you  have  defined  false  positives  to  be  the 
complement  of  positive  predictive  value  (PPV),that 
is,  the  percentage  of  messages  marked  as  spam  that 
are  not  spam. 

There  are  two  reasons  why  this  is  a  poor  choice  of 
definition  for  the  false  positive  rate: 

First,  what  people  want  to  know  is:  (a)  what  per¬ 
centage  of  spam  is  blocked;  and  (b)  what  percent¬ 
age  of  legitimate  e-mail  is  wrongly  blocked.You  got 
(a)  right,  but  you  chose  the  wrong  statistic  for  (b). 

Email  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


The  right  statistic  for  (b)  would  be  exactly  what  you 
described  in  the  page  40  table  caption,  namely,“the 
percentage  of  non-spam  messages  that  are  marked 
as  spam.” 

Second,  the  statistic  you  chose  for  false  positives  is 
meaningless  without  knowing  the  fraction  of  the  test 
messages  that  are  spam.  Suppose,  for  example,  that 
your  bank  of  messages  consisted  of  1,000  legitimate 
messages  and  one  item  of  spam.  Suppose  further, 
that  the  filter  caught  the  one  spam  message  and  one 
of  the  thousand  legitimate  messages.Your  false  posi¬ 
tive  rate  would  be  50%,  rather  than  the  0.1%  rate  that 
most  would  deem  appropriate.  Defining  the  false 
positive  rate  as  the  percentage  of  non-spam  mes¬ 
sages  that  are  marked  as  spam  would  give  you  a 
measure  that  is  independent  of  the  spam  fraction  in 
your  test  data. 

Rick  Matthews 
Professor  and  chair,  Physics  Department 
Wake  Forest  University 
Winston-Salem,  N.C. 

Clarification  was  sufficient 

In  his  letter  to  the  editor  “Clarifying  AT&T’s  clarifica¬ 
tion”  (DocFinder:  7622),  Ohio  State  University  Pro¬ 
fessor  of  Economics  Russell  Olsen  writes  that  “AT&T 
can  mark  down  its  capital  infrastructure  to  market 
value”  in  its  effort  to  compete  with  MCI. This  is  Ivory 
Tower  nonsense.  AT&T’s  biggest  competitor,  MCI, 
writes  off  billions  of  dollars  in  debt,  eliminates  its 
current  stockholders  by  extinguishing  shares  and 
gives  new  shares  to  debt  holders.  In  the  process,  MCI 
eliminates  millions  of  dollars  in  monthly  expenses 
associated  with  those  debts. To  compete,  Olsen  sug¬ 
gests,  AT&T  simply  can  write  off  goodwill  and  mark 
down  asset  values.Take  a  walk  down  the  hall, sir, and 
spend  some  time  with  your  accounting  colleagues.  I 
really  think  you’re  missing  something. 

Mitch  Larson 
Reno,  Nev. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  8024 
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STRATEGY  SESSION 

Jeff  Kaplan 

With  large  companies  drastically  cut¬ 
ting  back  their  IT  spending,  many  IT 
vendors  and  service  providers  have 
shifted  their  attention  to  small  and  midsize 
businesses.  While  it  might  be  relatively 
straightforward  for  vendors  to  re-architect 
their  IT  products  to  make  them  fit  SMB  needs, 
restructuring  a  service  providers  sales  and  service  delivery  structures 
to  appeal  to  SMBs  is  much  harder. 

Many  SMBs  are  getting  fed  up  with  the  hassles  of  IT  and  are  consid¬ 
ering  outsourcing  their  IT  operations.This  has  attracted  an  array  of  spe¬ 
cialized  service  providers,  telephone  companies  and  major  out¬ 
sourcers  attempting  to  gain  a  foothold  in  the  SMB  market. 

Electronic  Data  Systems  and  Microsoft  recently  entered  into  a  joint 
venture,  called  myCOE  (my  Consistent  Office  Environment),  to  offer 
utility  computing  services  to  SMBs.  MyCOE  is  a  Web-based  desktop  util¬ 
ity  computing  product  built  on  Microsoft’s  Solution  Accelerator  for 
Business  Desktop  Deployment  (BDD).  Microsoft  says  BDD  can  auto¬ 
mate  many  Windows  XP  Office  XP  and  Office  2003  deployment  tasks 
with  scripts  and  templates  to  reduce  the  challenge  of  installing  desktop 
applications  and  upgrades.  And,  as  with  other  on-demand  computing 
solutions,  EDS  promises  SMBs  will  be  able  to  utilize  myCOE  on  a  pay- 
as-you-go  basis. 

However,  myCOE  gives  SMBs  the  same  BDD  software  distribution  and 
administration  capabilities  they  can  get  for  free  directly  from  Microsoft. 
Why  should  SMBs  pay  for  a  service  when  they  can  download  the  func¬ 
tionality  at  no  charge? 


Serving  SMBs  is  not  so  simple 


EDS  suggests  that  SMBs  gain  its  expertise  and  experience  from  its 
long  history  of  managing  the  complex  IT  environments  of  many  of 
the  largest  organizations  in  the  world.  In  truth,  EDS’  outsourcing  sys¬ 
tems  and  staff  are  not  geared  toward  the  more  narrow  technical 
requirements  of  SMBs.  The  company’s  consultants  are  too  expensive 
and  accustomed  to  complex  IT  environments,  and  its  sales  team  is 
too  costly  to  succeed  in  the  price-sensitive  SMB  market. 

This  isn’t  EDS’s  first  foray  into  the  SMB  market.  The  company  part¬ 
nered  with  BellSouth  in  1998  to  offer  e-business  and  Web  hosting  ser¬ 
vices  to  SMBs  and  was  replaced  by  IBM  in  2001.  EDS  lacked  the  field 
staff  to  support  BellSouth’s  SMB  sales  efforts,  and  its  cost  of  services  was 
too  high  to  appeal  to  BellSouth’s  SMB  customers. 

EDS  has  done  little  to  remedy  these  issues.  In  fact,  the  company  is 
facing  severe  financial  challenges  because  of  recent  problems  with 
its  traditional  outsourcing  business.  Given  EDS’s  limitations  in  the 
SMB  market,  the  company  should  have  used  Microsoft’s  BDD  capa¬ 
bility  to  enhance  its  desktop  outsourcing  capabilities  in  its  tradition¬ 
al  large  enterprise  target  market  rather  than  overextend  itself  into  a 
new  market. 

The  EDS-Microsoft  partnership  serves  as  a  warning  to  both  SMBs  and 
large  companies  to  examine  carefully  whether  the  service  provider 
pursuing  their  outsourcing  business  is  properly  structured  to  satisfy 
their  needs  and  whether  its  services  are  really  better  than  what  users 
can  get  on  their  own. 


. . .  restructuring 
a  service 
provider's  sales 
and  service  deliv¬ 
ery  structures  to 
appeal  to  SMBs 
is  much  harder. 


Kaplan  is  managing  director  of  Thinkstrategies,  a  consultancy  in 
Wellesley,  Mass.  He  can  be  reached  at  jkaplan@thinkstrategies.com. 


TELECOMANALYST 

Daniel  Briere 

There’s  nothing  more  annoying  than  hav¬ 
ing  a  telephone  company  customer  sup¬ 
port  issue.  Any  time  1  have  to  call  to 
report  a  problem,  I  hate  the  experience  before 
it  starts. 

Interestingly  I  don’t  feel  this  way  about  call¬ 
ing  software  customer  service  lines.  In  fact,  I 
hardly  ever  call  software  customer  service  lines.  Instead,  I  go  to  the  sup¬ 
port  pages  on  the  software  vendor’s  Web  site  and  usually  find  what  I’m 
looking  for. Telco  Web  sites,  however,  are  still  a  relic  of  an  age  when  the 
only  questions  were  billing  questions,  despite  the  fact  that  their  prod¬ 
uct  lines  now  bundle  voice  mail,  Internet  access  and  home  networking. 

In  Connecticut,  I’m  an  SBC  SNET  customer.  I  have  voice  mail. 
Occasionally,  the  central-office-based  voice  mail  indicator  on  my  busi¬ 
ness  line  stays  illuminated  and  has  to  be  reset,  and  I  always  forget  how 
to  do  this.  So  I  did  an  experiment:  I  dialed  SBC  customer  support  and 
started  surfing  SBC’s  Web  site  at  the  same  time  to  see  which  would  pro¬ 
vide  me  with  the  answer  first. 

The  Web  site  home  page  doesn’t  have  any  high-level  option  for  resi¬ 
dential  or  business  telephone  services  support.The’Ask  a  question”sec- 
tion  deals  with  billing  and  DSL  Internet  questions  only  I  click  on 
Business  Services  and,  aha,  there’s  a  “Solve  a  phone  problem”  section 
with  the  appropriate  “Troubleshoot  a  phone  problem”  hyperlink.  1  click 
on  this  option. 

On  the  phone,  I’m  asked  for  my  phone  number  and  begin  navigating 
a  voice  response  unit  (VRU)  toward  the  area  for  voice  mail  issues. 

Back  at  SBC’s  troubleshooting  Web  page,  I’ve  got  a  whopping  10  things 
that  can  go  wrong  with  my  phone  service  (interestingly  they’re  the 
same  10  things  listed  for  residential  services  —  so  much  for  business 
having  more  sophisticated  needs). In  small  print  at  the  top,  it  says:“lf  the 
trouble  is  not  with  your  telephone  line  but  with  your  telephone  ser¬ 
vices,  please  find  the  appropriate  custom-calling  features  in  our  user 
guides.”  Voice  mail  is  a  custom-calling  feature, so  I  click  there. 


Hey  telco,  where’s  my  support? 


On  the  phone,  I’m  hearing  a  listing  of  services  and  am  asked  to  indi¬ 
cate  to  which  one  my  problem  pertains. 

On  the  Web,  I’ve  got  a  similar  listing  of  features  to  select  from.  I  click 
on  voice  mail  and  find,  essentially  the  user  manual  restated  —  how  to 
dial  your  voice  mail  access  number,  how  to  change  your  greeting  and 
so  on.  Nothing  to  help  me  reset  my  indicator. 

On  the  phone, as  1  enter  the  voice  mail  support  area,  the  first  thing  I’m 
asked  is:“Is  your  indicator  light  staying  on?”  “Yes,” I  affirm.  I’m  then  asked 
if  I  would  like  to  listen  to  automated  instructions  as  to  how  to  fix  it 
myself,  to  which  I  reply  yes. 

On  the  Web,  I  find  the  place  to  click  for  additional  voice  mail  help.  It 
says:“For  more  information,  call  the  Help  Line  at  1-800-575-5552.” 

On  the  phone,  I  listen  to  the  automated  help  message  playback 
option  for  my  problem,  solve  it  and  hang  up. 

What’s  the  lesson  here?  This  stuck  indicator  problem  is  obviously  the 
No.  1  customer  service  issue  for  the  voice  mail  support  group,  if  it  is  first 
in  the  VRU  messaging  stream.  So  why  isn’t  it  on  the  SBC  site? 

Telcos  have  trained  us  to  dial  customer  support  if  we’re  having  a  prob¬ 
lem.  But  more  and  more, people  are  trained  by  other  companies  to  use 
the  Web  for  their  support  issues.  Telco  problems  are  going  to  be  less 
about  billing  and  simple  “My  phone  doesn’t  work”  issues.  Telco  prod¬ 
ucts  are  changing;  they  now  include  all  sorts  of  add-on  services,  but  the 
telcos  have  not  changed  their  approach  to  support  —  it’s  still  a  com¬ 
partmentalized  issue,  not  a  one-stop-shop  issue.  You  can  buy  bundled 
services,  but  forget  about  bundled  support. 

Telco  Web  sites  today  are  nothing  more  than  user  manuals  online. 
They  need  an  overhaul  so  that  they  reflect  the  most-often-asked  ques¬ 
tions  and  how  to  resolve  them. Telcos  need  to  level-set  support  for  all 
their  services  and  provide  a  common  interface  for  getting  information. 

Lots  of  work  to  do,  folks,  lots  of  work. 


Telco  Web  sites 
today  are  nothing 
more  than  user 
manuals  online. 
They  need  an 
overhaul. 


Briere  is  CEO  ofTeleChoice,  a  market  strategy  consultancy  for  the  tele¬ 
com  industry.  He  can  be  reached  at  telecomcatalyst@telechoice.com. 


I  Take  the 


Business  keeps  your  team 

move  and  you  need  the  best  tools  to  stay  ahead  of  the  competition.  That's  why  you 
need  BlackBerry®  It’s  the  best  wireless  enterprise  solution  both  for  users  and  IT  departments. 
Advanced  wireless  handhelds  help  users  stay  connected  to  corporate  data,  email  and  even 
phone  calls  on  the  go*  BlackBerry  Enterprise  Server  software  provides  IT  departments 
with  advanced  security,  centralized  management  and  support  for  multiple  wireless 
networks.  And,  the  BlackBerry  Enterprise  Server  v3.6  introduces  breakthrough  features  that 
■rovide  the  ability  to  wirelessly  access  your  firm's  existing  corporate  data.  Get  BlackBerry 
a  1  empower  users  without  compromising  IT  requirements.  It  will  help  keep  you  in  the  lead. 
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>4  s*  arCf  ;r,  Mot. on  limited  (RIM)  All  rights  reserved  BlackBerry  is  an  end-to-end  wireless  solution  developed  by  RIM  RIM.  BlackBerry.  the 
Ktterr,  oqc  and  the  'envelope  in  motion'  symbol  are  trademarks  or  registered  trademarks  of  RIM.  'Check  with  your  service  provider  for  availability. 
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Test  assesses  IDS  mgmt,  real  security  alerts 


IDS 

continued  from  page  1 


protected  Windows  2000  systems  —  named  Paul  —  was 
cracked  and  being  used  as  a  zombie  to  scan  other  sys¬ 
tems.  We  wanted  to  know  who  broke  in  and  how. 


switched  over  to  Intrusion’s  Forensics  view,  a  handful  of 
bugs  in  this  early  release  prevented  us  from  getting  a 
good  look  at  what  that  feature  has  to  offer. 


While  we  invited  more  than  a  dozen  vendors  to  partici¬ 
pate,  only  Barbedwire  Technologies,  Cisco,  Internet 
Security  Systems  (ISS),  Intrusion  and  NFR  Security  took 
part  in  the  end.  (See  “Equipped  to  play”  on  page  52  for 
detailed  description  of  the  hardware  and  software  each 
vendor  brought  to  the  test.) 

Overall,  we  found  that  different  products  have  different 
strengths,  depending  on  your  needs,  such  as: 

•  ISS  has  the  most  powerful  management  and  analysis 
tool  kit. 

•  Cisco  provides  a  great  deal  of  flexibility  with  its  sen¬ 
sors  and  tight  integration  with  its  routers  and  switches. 
But  its  overall  management  lags  the  competition. 

•  NFR  is  best  if  you’re  going  to  be  writing  a  lot  of  your 
own  attack  signatures. 

•  Intrusion’s  product  set  is  nearly  as  strong  as  ISS,  but 
with  considerable  rough  edges  and  some  notable  gaps. 

•  We  were  less  enthusiastic  about  Barbedwire’s  appli¬ 
ance.  Its  IDS  implementation  does  not  meet  the  needs  of 
the  enterprise  network. 

Scenario  1:  What  happened  to  Paul? 

Before  the  big  viruses  hit  in  August,  one  of  our  IDS- 


Most  products  distinguished  between  alerting  and 
forensics.  In  alerting,  IDSs  bring  recent  high-priority  events 
to  your  attention.  In  forensics,  they  let  you  dig  down  to 
find  the  source  of  the  problem. 

Some  products  were  very  modakYou’re  either  working 
in  alert  mode  or  in  forensics  mode,  and  there’s  a  barrier 
between  them.  Intrusion,  NFR  and  Cisco  (with  its  Cisco 
Threat  Response  [CTR]  alerting  console  it  picked  up 
through  the  acquisition  of  Psionics  earlier  this  year)  fell 
into  this  category 

ISS  and  Cisco’s  original  IDS  Management  Console 
didn’t  differentiate  between  the  two  types  of  analysis. 
Barbedwire  also  takes  a  combined  approach,  mixing 
forensics  and  alerting  into  one  interface. 

We  figured  that  because  Paul  got  hit  on  a  Friday  there 
should  be  a  nice,  juicy  alert  sitting  there  when  we  logged 
on  Monday 

Intrusion’s  team  had  tuned  our  system  to  dump  alerts 
after  three  days,  so  there  was  nothing  to  be  seen.  We 
adjusted  the  thresholds  and  discovered  a  nice  feature: 
High-priority  alerts  can  age  differently  than  low-priority 
alerts.  Not  a  massive  competitive  advantage,  but  a  good 
sign  that  product  developers  thought  about  this. When  we 


ISS  impresses 

Then  we  turned  to  ISS.  ISS  doesn’t  distinguish  between 
alerts  and  forensics,  but  instead  offers  different  views  of 
the  same  data  within  SiteProtector,  ISS’  tool  for  managing 
and  analyzing  information  collected  from  its  security 
tools  suite.  One  powerful  feature  is  its  automatic  summa¬ 
rization  function.  Events  are  grouped  wherever  possible  to 
reduce  the  report  size.  It  was  easy  to  confirm  that  Paul 
was  hacked  and  when  it  happened. 

To  go  from  the  “when  did  Paul  get  cracked”  screen  to 
“how  did  it  happen,”  copy  the  IP  address  with  a  right-click, 
paste  it  into  the  same  screen,  and  select  a  different  view 
of  the  data.  Wait  8  seconds,  and  there’s  your  answer.  Seems 
simple,  but  it  was  a  sharp  contrast  to  other  products  that 
don’t  have  as  sophisticated  an  interface  for  slicing,  dicing, 
sorting  and  finding  data. 

SiteProtector  now  had  a  short  list  of  events,  of  which  six 
were  listed  as  high  priority  Powerful  forensics  capabilities 
let  you  identify  attackers  and  see  what  else  they  might 
have  been  doing.  More  importantly  ISS’  event  manage¬ 
ment  tool  lets  network  managers  dump  the  most  interest¬ 
ing  events  into  an  “incident”  folder  and  quickly  generate  a 
short  list  of  research  action  items  for  any  node.The  link¬ 
age  between  events  and  ISS’  X-Force  database,  with  exact 


Not  Rocnltc 


Proventia  A201 


Company:  Internet  Security 
Systems  Price:  $10,000  per  sen¬ 
sor,  includes  SiteProtector  man¬ 
agement  software.  Security  Fu¬ 
sion  is  $145  per  managed  asset 
and  Internet  Scanner  is  $100 
per  node.  Pros:  Outstanding  fo¬ 
rensics  navigation  capabilities, 
management  of  many  alerts  sim¬ 
ple,  saves  views  of  data  speeds 
analysis.  Cons:Tuning  is  difficult, 
new  sensor  appliances  not  ro¬ 
bust,  integration  requires  many 
systems. 


Cisco  IDS 

Company:  Cisco  Price:  Cisco 
IDS  4235  $12,500;  Cisco  IDS 
4215  starts  at  $8,000;  Cisco 
3745  router  with  IDS  module, 
$17,000;  Cisco  Works  VPN/Sec¬ 
urity  Management  Solution 
starts  at  $8,000.  Pros:  Broad 
sensor  platform  line  is  very 
flexible,  easy  forensics  naviga¬ 
tion.  Cons:  Lack  of  integration 
between  different  analysis 
platforms,  tuning  at  sensor  lev¬ 
el  harder  than  it  needs  to  be. 


NFR  NID  v3.2 


Company:  NFR  Security 
Price:  Ranges  from  $7,500  to 
$19,900  per  sensor,  no  extra 
charge  for  administrative  in¬ 
terface.  Pros:  Fantastic  signa¬ 
ture  authoring  capabilities, 
tuning  quite  easy,  simple  man¬ 
agement  of  many  sensors. 
Cons:  Forensics  capabilities 
make  it  difficult  to  find  what 
you  want. 


SecureNet  5545/Sensor  4.5 


Company:  Intrusion  Price: 
$10,000  for  each  sensor,  includ¬ 
ing  SecureNetWBI  Web-based 
management  system.  Secure- 
Net  Provider  2.2  Manager  soft¬ 
ware  is  $995  per  sensor  man¬ 
aged.  Pros:  Ability  to  con¬ 
struct  and  save  analyst  view 
simplifies  alerting  and  foren¬ 
sics  tasks.  Cons:  New  archi¬ 
tecture  has  bugs,  management 
of  signatures  is  complex  and 
prone  to  error. 


Minesweeper  500X  IDS 


Company:  BarbedwireTech- 
nologies  Price:  $4,000  Pros: 
Ability  to  see  packet  data  eas¬ 
es  analysis.  Cons:  Massive 
performance  problems  with 
low  data  volumes,  lack  of  fo¬ 
rensics  capabilities  makes 
analysis  impossible. 


The 

breakdown 

V 1 1 N 1 1 

ISS  Proventia  A201  RIBBON 

Cisco  IDS 

NFR  NID  v3.2 

Intrusion 

SecureNet  5545/Sensor  4.5 

Barbedwire 
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links  to  explanations  and  patch  locations,  gave  us  a  huge 
head  start  on  tracking  down  the  problem. 

NFR  comes  up  short 

The  NFR  interface  makes  a  huge  distinction  between 
alerting  information  and  forensics.  In  the  product’s  attack 
signatures,  the  signature  chooses  when  to  send  an  alert,  to 
actually  record  data  to  the  database  side,  or  when  both 
are  appropriate.  Starting  with  the  alerting  side,  we  sorted 
by  source  IP  address  and  discovered  . . .  nothing.  By 
default,  NFR  only  displays  1,000  alerts. We  adjusted  that 
number  up  and  discovered  when  it  is  set  to  10,000  items, 
it  takes  85  seconds  to  repaint  the  screen.  Make  it  20,000 
items,  and  you’ll  wait  nearly  5  minutes  for  a  refresh.  After 
we  finally  verified  that  NFR  saw  Paul  attacking  the  world, 
we  turned  to  the  hard  question  of  how  Paul  got  hacked. 

The  short  answer  is  that  you  can’t  ask  the  NFR  product. 
When  filtering  alerts,  you  can’t  ask  the  NFR  product  “show 
me  all  the  alerts  with  a  destination  of  this  IP  address.”You 
could  get  all  the  alerts  for  a  particular  time  period  and 
sort  them  by  destination  IP  address,  but  you  can’t  trim  the 
list  of  alerts  down  to  just  the  set  you  want.That  was  a  little 
disconcerting,  but  we  thought  instead  that  we’d  find  the 
answer  in  the  forensics  side  of  the  product.  Unfortunately 
you  can’t  do  that  on  the  forensics  side  either. 

We  ended  with  a  huge  pile  of  irrelevant  alerts  and  had 
to  paw  through  them  manually, scratch  pad  and  Web 
browser  at  the  ready  to  figure  out  what  had  happened  to 
Paul.  In  this  case,  though,  NFR  also  missed  the  attack. 

Cisco:  Better  data,  bigger  headache 

With  Cisco’s  CTR, you’re  given  views  by  event, source 
and  target,  but  you  don’t  get  the  ability  to  easily  jump 
around.You  can  discover  the  start  time  for  attacks  and 
then  see  who  was  attacking.  But  doing  so  requires  a  lot 
more  GUI  navigation  than  with  other  products. You  can’t 
trim  your  view  by  time  (although  you  can  sort  by  time), 
and  you  can’t  quickly  match  up  source  and  target 
because  the  preprogrammed  views  don’t  allow  for  that. 
Because  CTR  only  shows  alert  data, you  only  have  the 
most  recent  information  at  hand,  which  means  that  when 
you  want  to  run  forensics  queries, you  have  to  jump  over 
into  Cisco’s  other  tool,  the  IDS  Monitoring  Center,  which  is 
shipped  as  part  of  its  larger  management  platform, 
CiscoWorks.  Because  the  IDS  Monitoring  Center  predates 
CTR,  it  also  can  act  as  an  all-in-one  interface,  both  for  han¬ 
dling  alerts  and  for  conducting  forensics  research. 

The  bottom  line  is  that  what  was  fast  using  ISS’  interface 
took  significantly  longer  using  either  or  both  the  tools 
Cisco  provided.  What  came  out,  though,  was  different 
because  CTR  downgraded  some  of  the  alerts  that  ISS 
thought  we  should  be  concerned  about.  CTR  did  this 
when  it  saw  that  the  attack  was  not  successful.  Our  short¬ 
list  of  activities  was  shorter  with  Cisco. The  slightly  better 
data  did  not  offset  the  frustration  of  jumping  between 
GUIs,  using  scratch  paper  and  having  to  scramble  around 
because  there  was  no  incident  management  system. 

Minesweeper  bombs 

Regarding  Barbedwire’s  Minesweeper,  it’s  clear  that  com¬ 
ing  back  to  this  system  three  days  after  the  attack  was  a 
major  mistake.The  attack  wasn’t  in  any  of  the  alert  reports 
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alerts,  we  turned  to  the  question  of  tuning.  How  easily  and 
quickly  could  we  trim  the  alert  list  of  noise?  Security  man¬ 
agers  come  at  this  problem  from  two  tacks.  Some  want  to 
see  all  their  alerts,  but  have  them  prioritized.  Others  simply 
want  to  throw  out  useless  information. 

Because  we  had  done  a  lot  of  research  on  Paul  as  part 
of  our  first  scenario,  we  created  a  simple  task:  make  sure 
that  Paul’s  false  alerts  would  never  be  seen  again. 

Partial  success  with  ISS 

With  ISS,  we  found  two  easy  techniques  for  filtering 
events.  Within  the  per-sensor  policy  a  well-hidden  tab  lets 
you  drop  events  from  ever  being  sent  to  the  IDS  console. 
Whether  this  would  work  for  a  large  network  is  a  tough 
question.  Each  combination  of  event  and  destination 
address  has  to  be  entered  separately  which  means  that  if 
you  manage  hundreds  of  servers, you  could  spend  a  long 


time  dropping  events.  Or.  more  typically  you’d  decide  that 
the  event  wasn’t  important  and  disable  it.  But  that’s  a  dan¬ 
gerous  approach  because  new  systems  popping  up  on  a 
network  might  not  have  all  the  right  patches  applied  and 
configuration  changes  made. Solving  this  problem  the  ISS 
way  would  be  extremely  tedious  for  large  networks. 

For  security  analysts  who  want  the  data,  but  don’t  want 
to  see  it  unless  they  ask  for  it,  ISS  has  a  partial  answer.  For 
any  view  of  the  event  and  forensics  data,  a  filter  can  be 
added  that  blocks  particular  attackers,  target  IP  addresses 
and  events  from  appearing. 

Cisco’s  answer  is  complex 

Cisco’s  IDS  Management  Console  offers  the  capability  to 
filter  out  particular  signatures  but  in  a  complex  way  We 
credit  Cisco’s  IDS  distributed  management  because  it  lets 

See  IDS,  page  50 


What  network  IDSs  can  -  and  can’t — do 


Network  intrusion-detection 
systems  as  a  product  class 
have  been  under  attack 
recently,  fueled  by  a  series  of 
recent  Gartner  reports,  one  of 
which  was  called  “Intrusion  detec¬ 
tion  is  dead  —  long  live  intrusion 
prevention."  In  another,  "Hype  cycle 
for  information  security,  2003," 
Gartner  opined  "intrusion-detec¬ 
tion  systems  are  a  market  failure." 
With  headlines  like  that,  one  might 
wonder  why  we  did  this  review. 

Gartner's  analysis,  unfortunately, 
is  based  on  a  profound  misunder¬ 
standing  of  what  network  IDSs  are 
good  for  and  who  should  use  them. 
Many  network  managers,  and  the 
analysts  at  Gartner,  have  put  net¬ 
work  IDS  in  the  same  bucket  as 
firewalls:  a  technology  designed  to 
protect  network  assets.  But  it 
doesn't  go  there.  A  network  IDS  is 
to  the  security  analyst  what  a  pro¬ 
tocol  analyzer  is  to  a  network 
manager:  a  tool  to  look  into  a  net¬ 
work  and  understand  what  is  going 
on,  security-wise.  Lumping  net¬ 
work  IDS  and  firewalls  together,  or 
even  network  IDS  and  intrusion- 
prevention  systems  (IPS)  together, 
is  no  more  appropriate  than  con¬ 
sidering  100M  bit/sec  switches  and 
protocol  analyzers  together. 

Gartner’s  confusion  is  multiplied 
by  the  efforts  of  IPS  vendors  to 
create  their  own  market  niche, 
building  on  the  misconceptions 
about  network  IDS.  Network  man¬ 
agers  who  bought  network  IDS  ex¬ 
pecting  a  set-it-and-forget-it  magic 
bullet  for  network  security  have 
been  disappointed,  because  that's 
not  what  network  IDS  is  all  about. 

Rather  than  say  what  network 
IDS  is  not,  it's  more  useful  to  say 
what  it  is.  IDSs  are  designed  as 


passive  sensors  to  detect  attacks, 
policy  violations,  misbehaviors  and 
security  misconfigurations. 

As  Gary  Golomb,  a  longtime  IDS 
researcher,  notes,  network  IDS 
can  provide  the  checks  and  bal¬ 
ances  on  the  security  posture  and 
implementation  of  the  corporate 
network.  "The  IDS  serves  the  sin¬ 
gle  purpose  of  sitting  back  and 
watching  over  everything  to  see  if 
people  are  still  getting  though,”  he 
says.  "And  here's  a  curve  ball  for 
you:  After  all  the  protective  tech¬ 
nologies  [such  as  firewalls  and 
virus  scanners  and  VPNs  are 
installed],  attackers  ...  are  still 
getting  through!  Whether  it's 
because  of  vulnerabilities  in  net¬ 
work  designs,  application  vulnera¬ 
bilities  or  unknowingly  misconfig- 
ured  devices,  they  do  get  through." 

Vendors  such  as  NFR  Security 
promote  network  IDS  not  only  to 
detect  break-ins,  but  also  policy 
violations,  such  as  passwords 
that  are  too  short,  FTP  moving 
the  wrong  kind  of  files  around  or 
traffic  between  two  systems  that 
should  not  be  talking.  We  take  the 
position  that  network  IDS  is  most 
appropriately  deployed  where  an 
experienced  security  analyst  with 
specific  goals  and  tasks  can 
manage  it.  Although  network  IDS 
can  be  used  to  answer  the  ques¬ 
tion  “who  broke  into  my  system 
last  week?"  that’s  only  one  piece 
of  the  puzzle. 

While  network  IDS  vendors  might 
want  to  market  their  products  to 
network  managers  at  all  levels  of 
experience,  we  find  that  to  be  an 
unreasonable  expectation.  Again, 
comparing  network  IDS  to  a  pro¬ 
tocol  analyzer:  Any  midsize  to 
large  company  needs  one,  but  not 


everyone  should  be  expected  to 
know  how  to  use  it.  The  network 
IDS  vendors  have  made  great 
strides  in  reducing  the  noise  level 
of  IDS  products  and  tried  to  make 
them  usable  by  staff  with  varying 
levels  of  expertise. 

Deciding  whether  network  IDS  is 
right  for  you  is  not  difficult. 
Successful  network  IDS  imple¬ 
mentations  depend  on  three  criti¬ 
cal  factors: 

•  Security  policy  awareness.  A 

network  IDS  cannot  detect  suspi¬ 
cious  behavior  unless  you  define 
what  is  and  is  not  allowed  on  your 
network.  If  you  cannot  express 
your  network  security  policy,  then 
the  network  IDS  cannot  tell  you 
about  violations. 

•  Network  awareness.  Network 
IDS  products  do  a  poor  job  of 
automatically  classifying  attacks 
based  on  the  system  being 
attacked.  The  classic  example  of 
this  is  an  Microsoft  Windows-only 
attack  on  an  Unix  Web  server.  For 
network  IDS  data  to  be  useful,  you 
must  know  what  assets  are  on 
your  network  and  what  the  normal 
and  correct  traffic  looks  like. 

•  IDS  architecture.  The  location 
and  use  of  network  IDS  in  any 
enterprise  is  a  highly  variable  art. 
For  IDS  to  be  useful,  it  must  be 
implemented  in  a  way  that  returns 
useful  information.  This  means  you 
have  to  design  sensor  location  and 
sensing  technology  based  on 
knowledge  of  security  policy  and 
network  assets.  Network  IDS  can¬ 
not  simply  be  dropped  into  a  net¬ 
work  any  more  than  routers,  fire¬ 
walls  and  VPNs  can  be  dropped  in 
haphazardly. 

—  Joel  Snyder,  David 

Newman  and  Rodney  Thayer 
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Shut  it  off  with  SurfControl  E-mail  Filter. 

Only  SurfControl  E-mail  Filter  stops  unwanted  content  using  advanced  Adaptive  Reasoning  Technology,  artificial 
intelligence,  and  an  Anti-Spam  Agent  that  blocks  virtually  100%  of  spam  at  the  server.  This  simple-to-use  enterprise 
solution  also  blocks  inappropriate  content,  secures  confidential  data,  optimizes  network  bandwidth  and  adds  a  layer  of 
protection  against  viruses.  And,  it’s  easy  to  install  on  any  SMTP  or  Exchange  platform. 

So  get  that  spam  out  of  your  hair  once  and  for  all.  Download  SurfControl  E-mail  Filter  now  for  a  free  30-day  evaluation. 

Visit  www.surfcontrol.com  or  call  1  800. 3B8. 3366 
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False  positives  remain  a  major  problem 

I  But  IDSs  are  getting  better  at  managing  large  volumes  of  alerts. 

Last  year,  our  IDS  review  concluded  that  false  alarms  would  drown  any  network  manager  who  tried  to 
use  these  devices.  The  level  of  alerts  managed  to  drown  the  devices:  Several  couldn’t  handle  the  load 
of  our  modest  test  network. 

This  year,  we  took  a  different  slant  in  our  testing,  looking  at  how  security  analysts  would  use  these  devices  in 
specific  scenarios,  but  false  alarms  remain  a  major  problem.  As  the  virus  and  worm  incidents  during  our  test 
caused  massive  "bad"  traffic  across  the  Internet,  we  ran  into  serious  problems  with  the  volume  of  alerts.  Even 
though  we  monitored  significantly  fewer  systems  sitting  behind  these  IDSsthan  last  year  and  significantly  less 
traffic,  100,000  copies  of  the  same  alert  each  day  made  the  systems  sluggish  and  ill-behaved.  In  the  case  of 
Barbedwire  Technologies,  the  systems  became  unusable.  Cisco  and  Internet  Security  Systems  (ISS)  also  filled 
up  their  disks,  showing  the  importance  of  proactive  management  of  alert  information. 

But  while  the  volume  of  false  alarms  remains  high,  the  products  have  gotten  better  in  their  ability  to  man¬ 
age  that  information.  Products  from  Cisco,  ISS  and  NFR  Security  all  showed  significant  improvement  in 
how  they  present  alert  information  to  the  operator.  With  flexible  grouping  and  display  options,  and  automat¬ 
ed  upgrade  and  downgrade  of  alert  information,  we  could  make  our  way  though  the  thousands  of  alerts  we 
got  each  day.  Although  tuning  remains  a  major  task  —  which  each  of  the  products  could  simplify  —  the 
event  management  tools  gave  us  a.  better  handle  on  things. 

I  We  also  observed  that  while  the  attack  signatures  seem  to  be  not  much  smarter  than  the  last  time  we 
tested,  IDS  products  are  getting  better  at  managing  the  output  of  these  signatures.  We  got  better  informa¬ 
tion  on  the  estimated  severity  and  likelihood  of  an  attack. 

I  Still,  there  is  a  huge  element  of  trust:  You  don't  get  to  actually  see  the  offending  packet  (except  in  the  case 
of  Barbedwire).  Over  the  months  of  testing,  these  products  didn't  earn  that  trust  very  well.  For  each  attack 
we  detected,  we  were  unable  to  say,  for  certain,  how  it  happened.  We  only  could  come  up  with  a  candidate 
list  of  possibilities,  each  of  which  had  to  be  researched  individually. 

—  Joel  Snyder 
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you  put  sensors  into  groups  and  then  apply  settings  and 
configuration  changes  at  the  sensor  level, group  level  and 
network  level.  At  first  glance,  this  is  a  mature  and  reason¬ 
able  way  to  handle  a  network  of  sensors.  But  Cisco  does¬ 
n't  let  you  manage  signatures  and  filters  at  the  group  or 
network  level.  So  if  you  want  to  build  a  filter  to  drop  out 
certain  events. you  have  to  go  from  sensor  to  sensor,  copy¬ 
ing  the  same  information. 

If  you  actually  want  the  data,  but  want  to  separate  the 
useless  from  the  useful,  Cisco  offers  a  partial  interface 
with  its  CTR  tool.CTR  provides  a  series  of  policies  that  are 
used  to  upgrade  and  downgrade  alerts.  But  creating  a 
new  policy  to  say  “this  alert  is  not  relevant”  is  difficult. 

Barbedwire  steps  up,  sort  of 

Barbedwire  solved  this  problem  by  dropping  events  at 
the  IDS  level. To  filter  out  a  particular  event,  Barbedwire 
lets  you  give  a  list  of  IP  addresses  to  which  an  event 
does  not  apply  It’s  somewhat  tedious  to  do  that,  but  con¬ 
ceptually  it’s  an  easy  extension. 

The  only  problem  is  that,  like  Cisco,  there  is  no  way  to 
do  this  for  more  than  one  system  at  a  time.  If  you  have 
multiple  sensors, you  have  to  create  the  drop  filters  on 
each  one.  With  Barbedwire ’s  multi-port  sensor,  you’d 
have  to  do  the  same  set  of  filters  on  each  interface. 
Overall,  Barbedwire ’s  multi-system  management  was  the 
weakest  of  the  products  we  looked  at.  It  had  no  ability 
to  group  or  aggregate  devices  or  even  interfaces 
through  the  GUI,  and  there  was  effectively  no  central 
management,  only  central  logging  and  reporting. 

Barbedwire  had  no  way  to  filter  out  events  once  they 
were  logged;  if  you  saw  them  once, you’d  see  them  forever. 

NFR  has  solid  event  filtering 

NFRs  event  filtering  worked  at  both  the  sensor  level  and 
at  the  GUI  level.  Sensor-level  filters  let  you  individually 
block  data  from  the  alerting  or  forensics  part  of  NFR. 
Simply  pick  an  event  and  define  filters  for  it,  applying  it  to 
individual  sensors  or  to  all  sensors  at  once.  It  only  took  a 
single  click  to  push  changes  to  NFR  sensors. 

However,  NFR  fell  down  in  the  area  of  alert  filtering.  We 
spent  a  lot  of  time  puzzling  over  GUIs  and  documentation 
before  coming  to  the  conclusion  that  dropping  alerts  in 
the  NFR  GUI  is  a  waste  of  effort.  But  because  NFR  handles 
alerts  separately  from  forensics,  there  is  little  reason  to 
drop  them  in  the  alert  GUI.  If  you’re  going  to  bother  to  fil¬ 
ter  out  things,  it  makes  more  sense  to  do  it  in  at  the  event 
level,  where  you  have  more  control. 

Intrusion  offers  efficient  sensor  tuning 


Intrusions  tuning  facilities  vary  depending  on  where 
you  want  to  filter.  In  our  case,  trimming  at  the  sensor  was 
efficient,  so  we  used  that  method.  Intrusion’s  Policy  Editor 
runs  on  the  central  management  console  and  lets  you 
build  a  policy  that  drops  IP  addresses  from  events  as 
appropriate.  From  thereafter  a  bit  of  technical  support, 
we  pushed  changes  to  the  sensors  and  trimmed  the  alert 
load  considerably  Intrusion  has  made  policy  manage¬ 
ment  of  its  sensors  easier  than  it  was  last  year,  but  it’s  still 
a  lot  harder  than  it  needs  to  be. 

Intrusion  also  supports  pure  IP  filtering,  but  this  requires 
direct  access  to  the  sensor  via  its  Web  interface  and  is  not 
managed  centrally  It  sounds  like  an  obscure  feature,  but 
the  ability  to  block  entire  ranges  would  be  important  in  a 
large  enterprise  deployment  where  multiple  sensors  saw 
intersecting  traffic  loads. 

Scenario  3:  Writing  our  own  alerts 

Not  every  network  manager  will  want  to  write  his  own 


alerts,  but  we  had  a  specific  problem  to  solve.  One  worm 
that  struck  during  our  test  was  going  to  send  traffic  to 
some  known  hosts  out  on  the  Internet.  We  wanted  to 
catch  this  traffic,  put  an  alert  on  it  and  use  that  to  help  dis¬ 
infect  our  network. 

Cisco  has  the  most  obfuscated  method  for  editing  and 
modifying  signatures.  Rather  than  present  signatures  to 
the  network  manager  in  a  simple  text  file.it  gives  a  com¬ 
plex  array  of  engines  and  parameters.  Wizards  help  shield 
the  manager  from  knowing  all  the  details,  which  means 
we  easily  could  generate  the  signature  we  sought. 
However,  Cisco s  tools  for  building  signatures  only  work 
well  for  certain  common  cases,  and  we  could  see  that 
there  were  some  kinds  of  signatures  that  we  weren’t  going 
to  be  able  to  build. 

Barbedwire  uses  Snort  as  its  underlying  engine. Snorts 
signatures  are  easy  to  read  and  write,  and  coming  up  with 
a  signature  for  Barbedwire  was  simple. 

See  IDS,  page  52 


Getting  the  word  out 

One  criteria  of  an  effective  IDS  product  in  our  view,  is  the  ability  to  detect  attacks  that  hone  in  on  the  newest  vulnerabilities.  To  that  end,  as 
part  of  our  overall  evaluation,  we  tracked  how  long  it  took  participating  vendors  to  release  signatures  that  would  protect  our  systems  against 
hackers  aiming  for  Cisco's  IOS  vulnerability  which  was  announced  during  our  testing  cycle. 

Time  from  warning  to  exploit  —  approximately  two-and-a-half  days. 
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Whether  your  application  is  Campus  Enterprise,  Cable  MSO  or  Metro  Access,  MRV  has  a  flexible 
optical  solution  that  fits  within  your  budget.  Our  CWDM  and  DWDM  systems  help  you  increase 
your  bandwidth  capacity,  or  offer  wavelength  services  --  from  T1/E1  to  OC-48,  and  any 
Ethernet  or  Storage  protocol.  ♦  We  provide  solutions  from  'do-it-yourself  WDM  with  our 
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continued  from  page  50 

NFR  provides  a  powerful  development  environment  for 
its  proprietary  N-Code  language.  Clearly,  any  security  man¬ 
ager  w'ho  wants  to  write  a  lot  of  signatures  will  gravitate 
toward  NFR’s  tool  kit.  NFR  has  an  array  of  policy-based 
signatures  that  trap  traffic  based  on  policy  rather  than 
attack  detection.  We  used  an  out-of-the  box  policy-based 
signature  first  and  then  tried  writing  our  own  N-Code  pro¬ 
gram.  N-Code  is  powerful,  but  the  existing  policy-based 
signature  was  a  lot  easier. 

Accomplishing  the  task  at  hand  with  Intrusion  and  ISS 
w'as  a  bit  frustrating  because  the  core  signatures  and  tech¬ 
nologies  inside  of  their  products  are  hidden.  ISS  tries  to 
solve  this  problem  by  offering  theTrons  language,  which 
lets  you  put  Snort-syntax  signatures  into  the  existing  rule 
base.  Intrusion’s  Policy  Editor  has  a  limited  GUI  that  lets 
you  create  new  signatures.  Our  requirements  were  simple 
enough  that  we  generated  the  needed  signature  without 
going  beyond  the  provided  interfaces. 

Fourth  scenario:  Finding  the  worms 

Because  our  test  network  was  intentionally  behind  on 
its  patches,  we  knew  the  Microsoft  RPC  DCOM  vulnerabil¬ 
ity  would  hit  us  hard. The  question  was  who  got  hit?  In  a 
large  network,  being  able  to  ask  that  question  and  quickly 
find  (and  patch)  those  machines  would  be  a  high-priority 
security  problem  to  solve.These  systems  are  especially 
easy  to  find,  because  they  start  scanning  other  networks, 
looking  for  systems  to  infect.  We  turned  to  the  forensics 
features  of  the  IDSs  to  help. 

Barbedwire  was  a  disappointment.The  issues  we  had 
with  performance  came  back  to  haunt  us.  Because  the 
infected  systems  were  generating  traffic  at  a  furious  rate, 
we  had  databases  with  more  than  100,000  events  each 
day. That’s  not  an  unreasonable  amount  for  an  enterprise 
network  to  generate  on  a  bad  day,  but  it  was  way  too 
much  for  the  Barbedwire  systems  to  handle.  Any  attempt 
to  generate  reports  just  didn’t  work. 

With  NFR,  the  key  to  any  forensics  investigation  is  figur¬ 
ing  out  what  event  you’re  looking  for.  We  knew  from 
CERTs  advisory  to  look  for  PING  traffic  and  dove  into 
NFR.  Our  first  guess, “ICMP  Pingflood,”  turned  out  to  be 
wrong,  but  after  a  few  seconds,  we  came  up  with  “IP 
Hostscan.”  NFR  gave  us  the  attacker  IP  addresses  we  need¬ 
ed,  but  little  else.  For  example,  we  could  not  see  what  port 
numbers  were  being  attacked,  which  might  have  been  use¬ 
ful  in  other  contexts.  NFR’s  GUI  is  also  difficult  in  forensics 
mode:  When  you  want  to  see  the  description  for  a  particu¬ 
lar  event, you  have  to  jump  to  another  part  of  the  GUI. 

This  test  also  exposed  a  problem  common  to  all  the 
products  (except  Barbedwire)  —  you  can’t  see  the 
offending  packets. You  never  get  to  check  the  signatures 
to  see  if  they  are  generating  false  positives. 

Intrusions  forensics  tool  opens  with  a  set  of  canned 
views  into  the  forensics  database:  by  attacker,  by  target,  by 
priority  and  by  signature  group.  We  started  with  signature 
groups  and  clicked  on  the  first  level  of  the  tree.  Each 
major  signature  group  was  shown,  along  with  a  count  of 
events.  The  group  we  were  looking  for  stood  out  like  a 
sore  thumb,  with  hundreds  of  thousands  of  events.  One 
more  click  (on  “firewall  services”)  and  ICMP  Ping  Sweep 
J  SMB  Scan  both  stood  out  again  —  teaching  us  some- 
;  we  hadn’t  learned  with  NFR. 

•s  point.  Intrusion  doesn’t  further  sort  items,  which 
U  t  if  we  went  with  the  out-of-the-box  product, 

>rt  through  long  lists  of  events.  But  building 
is  the  quick  solution  to  that.  A  few  clicks  let 
ummarization  level  underneath  signature 
address,  and  now  we  had  the  information 
l  of  We  could  see  it  on  the  screen,  but 
fh*  a  ay  to  simply  drop  it  into  a  spreadsheet. 


ISS  didn’t  let  us  quickly  move  to  the  signature  we  want¬ 
ed,  but  gave  us  a  few  pre-built  options.  An  obvious  one, 
event  analysis  by  attacker,  created  one  line  item  for  every 
“attacker”  in  the  network.  We  sorted  by  count,  and  the  in¬ 
fected  machines  on  our  network  slipped  to  the  top  imme¬ 
diately  ISS  would  have  let  us  trim  the  query  by  putting  in 
only  our  corporate  IP  addresses,  but  because  we  had  mul¬ 
tiple  sites,  the  ranges  weren’t  compatible  with  its  GUI. 

From  the  list  of  attackers,  we  picked  up  our  favorite  fea¬ 
ture  in  any  of  the  products.  We  right-clicked  on  an  attack¬ 
er,  and  up  came  a  list  of  questions  you  might  like 
answered.  In  our  case,  it  was  “what  events  were  generated 
by  this  attacker?”  We  clicked  and  wait  2  seconds,  and  then 


we  knew  what  ISS  was  going  to  call  the  worm 
attackers. We  right-clicked  again  on  the  relevant  event,  and 
there  was  our  analysis  question: “what  are  the  sources  of 
this  event?”  Another  10  seconds,  and  there  was  our  list. 
Select  the  column,  copy  and  there’s  the  full  list,  exported. 
ISS  got  this  right,  in  spades. 

Cisco  didn’t  have  the  slick  response  time  of  ISS,  but 
did  have  similar  features.  In  Cisco’s  event  view,  the  basic 
paradigm  is  of  a  spreadsheet  with  movable  and  expand¬ 
able  columns.  Grab  whatever  column  you  think  is  most 
important  and  drag  it  to  the  left,  and  Cisco’s  IDS 
Management  Center  will  sort  your  data  according  to 

See  IDS,  page  56 


We  laid  out  our  network 

requirements  for  our  60-day. 
test  of  network  intrusion- 
detection  system  products  and  let 
the  vendors  submit  all  the  appro¬ 
priate  piece  parts  to  fit  the  bill. 

NFR  Security  provided  two  of  its 
preconfigured  appliance  sensors, 
one  for  each  site  of  our  remote 
sites  and  a  Central  Management 
Server  (CMS)  for  our  network 
operations  center.  Each  sensor  fed 
alerts  to  the  CMS  system,  which 
we  examined  and  managed  with 
the  Windows-based  Administrative 
Interface  client. 

NFR  boots  its  sensors  off  of  a 
CD-ROM,  which  doesn't  guaran¬ 
tee  that  they  can't  be  broken  into, 
but  certainly  makes  the  job  a  lot 
harder.  NFR  recently  released  a 
new  version  of  this  product  but  it 
was  too  late  in  our  test  cycle  to 
include  in  this  review. 

Intrusion  provided  two  sensors 
and  a  management  system,  its 
SecureNet  Provider.  While  still  a 
product  that  needs  some  work,  its 
slimmed-down  management  is  an 
improvement  over  last  year’s  sub¬ 
mission.  On  the  client  side,  there 
are  three  pieces  needed  to  manage 
sensors  and  rules,  and  conduct 
analysis.  But  at  least  they  all  run 
on  the  same  system.  To  manage 
SecureNet  Provider,  we  used  tools 
that  Intrusion  pre-loaded  on  a  man¬ 
agement  client.  This  installation 
was  important,  because  Intrusion's 
client  caches  event  information  in 
a  local  database  to  increase  per¬ 
formance,  and  using  the  client  isn’t 
as  simple  as  just  dropping  it  onto  a 
Windows  box. 

Although  the  new  architecture 
was  welcome,  it  also  was  clearly 
hot  off  the  presses.  We  found  care¬ 
less  bugs,  such  as  IP  addresses 
sorting  in  the  wrong  order  and 
events  being  mismatched  to  their 


labels  during  our  testing.  We  even 
managed  to  crash  the  SecureNet 
Provider  client  when  we  used  it  for 
forensics  research. Intrusion  re¬ 
cently  upgraded  it’s  software,  but 
it  was  released  too  late  for  our 
testing. 

Internet  Security  Systems  (ISS) 
also  supplied  a  three-tier  architec¬ 
ture  (sensor,  management  server 
and  management  client).  ISS  sent 
two  Provent ia  A201  systems,  its 
new  appliance-style  sensor.  On  the 
sensor  side,  ISS  had  more  than  its 
fair  share  of  bugs  that  resulted  in 
the  appliances  shutting  down  sev¬ 
eral  times  during  the  test  period. 
Complementing  the  sensors  were 
three  other  rock-solid  ISS  prod¬ 
ucts:  SiteProtector,  Security 
Fusion  and  Internet  Scanner.  ISS' 
architecture  is  centered  on 
SiteProtector,  its  tool  for  manag¬ 
ing  and  analyzing  information  from 
an  entire  suite  of  security  tools. 

Internet  Scanner  is  ISS’  vulnera¬ 
bility  analysis  tool.  Fusion  helps  to 
correlate  IDS  alerts  with  vulnera¬ 
bilities  and  operating  system 
detection  information,  upgrading  or 
downgrading  alerts  as  they  flow  in. 

With  Barbedwire  Technologies, 
we  received  two  appliance-style 
sensors  and  nominated  one  as  the 
central  management  system. 
Barbedwire  doesn't  provide  a 
client;  driving  its  GUI  around 
requires  only  a  Web  browser.  Two 
things  quickly  became  apparent: 
first,  Barbedwire  spent  a  lot  of 
time  building  an  elegant  interface 
on  top  of  Linux,  and  second,  the 
systems  provided  were  underpow¬ 
ered  even  for  our  small  network. 
Once  the  system  ran  for  a  few 
weeks,  it  came  to  a  near-halt 
because  it  had  collected  too  much 
data.  Configuration  pages  would 
take  more  than  a  minute  to  display, 
reports  tens  of  minutes  to  run,  and 


on  occasion  even  simple  things 
(such  as  “15  most  recent  alerts") 
would  just  timeout,  returning  only 
error  codes. 

Barbedwire ’s  failings  were  espe¬ 
cially  disappointing  because  the 
company's  offering  contrasted 
with  some  nice  thinking  on  the  IDS 
front.  One  complaint  we  had  about 
all  the  other  products  is  that  get¬ 
ting  raw  data  out  of  them  was 
impossible:  Packets  go  in,  but  they 
don’t  come  out.  With  Barbedwire, 
which  is  built  on  the  open  source 
Snort  detection  engine,  we  could 
see  the  guilty  packets  nicely 
decoded. 

The  anti-minimalist  award  went 
to  Cisco,  whose  enthusiastic  secu¬ 
rity  group  gave  us  three  different 
sensors  and  three  management 
systems,  and  offered  us  firewalls 
and  VPN  security  gateways  to  fur¬ 
ther  complicate  the  picture.  With 
Cisco,  we  saw  an  architecture  in 
transition.  Its  core  IDS  configura¬ 
tion  and  analysis  tool  kit,  integrat¬ 
ed  with  the  popular  CiscoWorks 
management  platform,  uses  a 
Web-based  client  interface  not  dis¬ 
similar  from  what  we  looked  at  a 
year  ago.  The  difference  is  in  Cisco 
Threat  Response  (CTR),  a  product 
that  came  to  Cisco  through  its 
acquisition  of  Psionics  earlier  this 
year.  The  CTR  concept  is  Cisco's 
version  of  ISS's  Fusion:  event  cor¬ 
relation  across  sensors  and  vulner¬ 
ability  analysis  scanners.  Cisco 
showed  this  Web-based  product  to 
us  as  a  stand-alone  analysis  tool 
kit,  but  promised  that  the  technolo¬ 
gy  would  be  integrated  into  the 
rest  of  the  IDS  product  line. 
Because  CiscoWorks'  forensics 
tools  are  much  better  than  CTRs, 
the  promised  melding  should 
improve  both  products. 

—  Joel  Snyder,  David 

Newman  and  Rodney  Thayer 
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It's  a  nonstop  world  we  live  in, 

and  nowhere  is  this  more  evident  than  when  it 
comes  to  how  and  where  we  work.  Instead  of 
being  tied  to  a  computer  in  an  office, 
technologies  such  as  laptops,  PDAs,  wireless 
networks  and  VPNs  have  given  corporate 
workers  freedom  and  flexibility.  And  as 
workers  go  increasingly  mobile,  CIOs  must 
grapple  with  a  whole  new  set  of  challenges. 
How  do  you  control  the  wild  proliferation  of 
access  devices?  What  steps  do  you  take  to 
ensure  the  security  of  the  network  as  people 
connect  from  a  newly  diverse  set  of  places 
and  computers?  And  how  can  you  make 
sure  that  the  right  users  get  access  to  the 
right  content? 

In  this  SPECIAL  REPORT,  we  cover 
enterprise  mobile  connectivity  and 
explore  the  issues  of  securing  and 
managing  access  for  the  enterprise 
taking  advantage  of  an  untethered 
workforce.  Secure  your  copy  of 
Network  World  Fusion’s  SPECIAL  REPORT: 
Enterprise  Connectivity  in  a  Mobile  World  in 
PDF  format  today. 
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require  their  own.  separate  service  coverage:  they  are  not  covered  under  the  attached  Machine.  Service  activation  is  required  immediately  following  purchase.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  I8M  may  choose  to  perform  service  at  the  or. 
repair  center.  For  failing  non-IBM  components,  customer  must  provide  replacement  part  unless  IBM  has  a  Technical  Support  Agreement  with  the  manufacturer.  Service  does  not  cover  accessories,  supply  items  and  certain  parts  such  as  batteries,  frames  and  covers. "Star..- 
shipping  included  when  you  order  online.  U.S.  only.  ,:With  Intel  SpeedStep,  processor  speed  may  be  reduced  to  conserve  battery  power.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  IBM  is  not  responsible  for  photograo 
typographic  errors.  All  IBM  product  names  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  U.S.  and  other  countries.  Lotus  and  SmartSuite  are  registered  trademarks  ot  Lotus  Development  Corporation,  an  IBM  Company.  Intel  I 

Inside,  the  Intel  Inside  logo.  Celeron,  Intel  Centrino,  the  Intel  Centrino  logo  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  U.S.  and  other  countries.  Microsoft  and  Windows  are  trademarks  or  registered  trademarks  ol  Mi. 
Corporation  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2003  IBM  Corp.  All  rights  reserved. 
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continued  from  page  52 

that  column  and  summarize  repeated  items,  giving  a 
count  along  the  way.  It’s  a  beautiful  way  to  look  at  your 
data  and  would  have  been  even  better  than  ISS  except 
for  one  flaw:  When  you  move  a  column, you  lose  your 
place  in  the  data. 

Find  something  interesting  and  want  to  drag  that  col¬ 
umn  to  the  left  to  resort  the  data?  Cisco  does  it,  but 
whatever  you  were  most  interested  in  gets  put  back  into 
the  pile. 


IDS  as  a  bandwidth  hog? 

Because  we  had  sensors  at  remote  locations, 
we  were  concerned  about  the  bandwidth  the 
sensors  would  consume  talking  back  to  the 
management  console.  On  a  bad  worm  day 
in  August,  we  tracked  bandwidth  usage  for 
12  hours.  The  sensors  monitored  an  aggre¬ 
gate  bandwidth  of  about  3M  bit/sec  across 
both  sites.  The  only  one  that  gave  us  concern 
was  ISS,  which  ate  up  61K  bit/sec  per  sensor. 


Aggregate  bandwidth  consumption 
(in  K  bit/sec) 


V _ _ _ / 


In  our  tests,  ISS  came  though  with  flying  colors,  giv¬ 
ing  us  the  freedom  to  go  through  our  data  quickly 
searching  for  patterns  and  problems.  Cisco  and,  to  a 
lesser  extent,  Intrusion  both  have  a  similar  capability, 
but  could  learn  a  lot  from  the  flexibility  and  freedom 
in  the  ISS  interface. 

Cisco  and  Intrusion  are  actually  more  flexible  than  ISS 
for  some  queries,  because  you  can  pivot  on  any  column 
in  its  interfaces,  whereas  ISS  limits  you  to  the  most  com¬ 
mon  possibilities.  However,  in  two  months  of  working 
with  these  products,  we  never  hit  a  wall  with  ISS. 

Which  IDS  is  right  for  you? 

If  you  already  know  that  you  want  an  IDS,  our  two  can¬ 
didates  would  be  ISS  and  NFR.  If  you  think  that  writing 
signatures  is  going  to  be  part  of  your  application  and  if 
you’re  looking  for  a  combination  of  policy  enforcement 
and  security  NFR  comes  in  a  clear  winner  with  its 
N-Code  language. 

But  if  you  think  signatures  should  come  from  the  ven¬ 
dor,  ISS  provided  the  best  ability  to  manage  the  data  thou¬ 
sands  of  systems  would  generate. 

If  you’re  not  happy  with  ISS’  options,  Intrusion  offers 
a  similar  product  line  but  with  reduced  management 
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Network  World  gratefully  acknowledges  the 
support  of  vendors  that  supplied  key  infrastructure 
for  this  project. 

■  American  Power  Conversion  supplied  its 
SmartUPS  XL5000  uninterruptible  power  supply. 

■  HP  supplied  ProLiant  ML330  servers  to  act  as 
“sacrificial  lambs"  hosting  a  variety  of  Unix  and 
Windows  operating  systems. 

■  Atanda  Web  Presence  Services  hosted  the 
San  Jose  site  within  out  test  bed. 


capabilities. 

Cisco  has  wide  potential  and  enormous  breadth  in  its 
sensor  options.  If  the  company  is  successful  at  integrating 
the  CTR  technology  into  its  product,  Cisco  will  be  a  clear 
contender.  While  its  Web-based  GUI  is  relatively  slow,  it 
also  has  some  brilliant  engineering  behind  it.  Likewise, 
Intrusion  has  potential  with  its  pieces  but  needs  to  build 
them  into  a  better-integrated  whole. 

Barbedwire,  the  newcomer  in  this  bunch,  builds  on 
the  respected  high-performance  Snort  engine. 

However,  Barbedwire ’s  choice  of  database  and  tuning 
on  its  hardware  platform  were  major  errors  in  execu¬ 
tion.  Performance  problems  on  the  low-speed  net¬ 
works  we  threw  at  its  products  suggest  that  it  needs  to 
go  back  to  the  engineering  table.  It  could  spend  less 
time  on  elegant  Linux  GUI  management  pieces  and 
more  on  the  security  application  its  platform  is  sup¬ 
posed  to  support. 

Snyder  is  a  senior  partner  at  Opus  One  in  Tucson,  Ariz.  He 
can  be  reached  at  Joel.Snyder@opusl .com.  Newman  is 
president  of  Network  Test,  an  independent  benchmarking 
and  network  design  consultancy  in  Westlake  Village,  Calif.  He 
can  be  reached  at  dnewman@networktest.com.  Thayer  is  an 
independent  security  consultant  and  co-author  of  the  lETFs 
RFCs  on  the  IP  Security  road  map  and  the  OpenPGP  archi¬ 
tecture.  He  can  be  reached  at  rodney@tillerman.to. 


Global  Test  Alliance 


■  Snyder,  Newman  and  Thayer  are  members  of  the 
Network  World  Global  Test  Alliance,  a  cooperative  of  the  pre¬ 
mier  reviewers  in  the  network  industry,  each  bringing  to 
bear  years  of  practical  experience  on  every  review.  For  more 
Test  Alliance  information,  including  what  it  takes  to  become  a 
member,  go  to  www.nwfusion.com/alliance. 


You  Need  Belden’s  New  DataTwist  600e  — 

The  Only  Network  Cable  That  Guarantees  Performance  Beyond  Category  6  Standards. 

Suddenly,  as  quickly  as  Category  6  cable  performance  standards  have  been  adopted.  Belden 
has  made  them  obsolete.  DataTwist  600e  UTP  networking  cable  was  developed  not  only  to  meet 
Category  6  standards,  but  also  to  provide  significant  amounts  of  headroom  above  and  beyond 
them  —  guaranteed.  It’s  the  industry’s  only  UTP  cable  with  guaranteed  performance  to  600  MHz. 

The  secret?  Belden's  unique,  patented  Bonded-Pair  technology  that  ensures  uniform  conductor- 
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by  placing  pairs  in  individual  chambers. 
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supplier  ol  FEP  Teflon 
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All  of  which  means  better  and  faster  performance  for  you. 
For  more  information  call  1-800-BELDEN-4  to  get  your 
FREE  copy  of  the  DataTwist  600e  New  Product  Bulletin. 
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CAREER  DEVELOPMENT 
PROJECT  MANAGEMENT 

Terminating  a  systems  administrator 

When  it’s  time  for  an  IT  employee  to  go,  eliminate  all  the  ways  that  person  can  access  your  network. 


■  BY  FREDERICK  HOWELL  AND  DAVID  LAWSON 

Perhaps  one  of  the  most  challenging  situations  in  an  IT  organiza¬ 
tion  is  to  let  a  systems  administrator  go.  This  individual  has  the 
proverbial  keys  to  the  kingdom  as  a  trusted  member  of  your  cor¬ 
porate  team.  If  the  time  comes  to  part  ways,  it’s  imperative  to  do  a 
thorough  job  of  removing  the  employee’s  physical  and  logical 
access  to  your  network  and  facilities. 


The  first  step  is  to  consult  with  the  appro¬ 
priate  legal,  human  resources  and  manage¬ 
ment  personnel  to  ensure  a  proper  basis 
for  the  termination  or  to  work  out  the  sev¬ 
erance  specifics  for  the  layoff.  Next  you  can 
zero  in  on  the  technical  and  security  issues 
that  need  to  be  addressed.  The  goal  is  to 
complete  the  process  with  little  or  no  dis¬ 
ruption  of  business  processes  and  to  do  it 
in  a  professional  and  complete  manner. 

You  need  to  eliminate  the  employees  ac¬ 
cess  to  corporate  sites  and  assets,  networks, 
systems  and  applications  to  prevent  him 
from  damaging  company  property  and 


data.Accomplishing  this  requires  inventory 
planning,  execution  and  monitoring.  What 
follows  are  some  guidelines  for  completing 
the  four-step  process. 

Inventory 

Inventory  all  the  devices,  systems  and 
applications  to  which  that  individual  might 
have  access.  List  all  the  accounts  the 
employee  holds  and  any  orphan  accounts 
(that  don’t  have  known  owners).  Pay  spe¬ 
cial  attention  to  privileged  accounts  that 
either  have  administrator  rights  or  can 
modify  accounts.  List  all  systems  and  appli¬ 


cation  accounts  that  are  used  by  various 
processes  on  those  systems.  Finally  look  for 
any  rogue  devices  and  systems  processes 
or  applications  that  should  not  be  on  legit¬ 
imate  systems  builds. 

Now  is  a  good  time  to  review  the  compa¬ 
ny’s  current  information  security  position.A 
third  party  often  can  perform  a  vulnerabili¬ 
ty  assessment  or  audit.This  will  provide  you 
with  a  current  list  of  threats  and  vulnerabil¬ 
ities  that  require  attention. 

Plan 

Identify  the  specific  personnel  and  man¬ 
agement  necessary  to  complete  the  termi¬ 
nation  process.  Ideally  you’ll  apprise  them 
of  what  they  need  to  do  and  why  with  as  lit¬ 
tle  notice  as  possible.  Try  to  pick  a  time 
when  the  systems  administrator  is  busy 

Have  your  network,  systems  and  backups 
inventoried, checked,  verified  and  available 
for  use  in  case  you  need  to  rebuild  and 
reinstall  any  of  the  network  devices,  operat¬ 
ing  systems  or  data. 

Figure  out  how  you’ll  go  about  eliminat¬ 
ing  physical  access,  network/systems  ac¬ 
cess  and  application  access.  Human  re¬ 
sources,  security  or  facilities  departments 
usually  handle  physical  security  Human  re¬ 
sources  will  coordinate  the  retrieval  of  the 
employee’s  ID  badge,  access  swipe  cards, 
keys,  combination  locks  and  safe  combina¬ 
tions,  and  inform  security  personnel  of  the 
employee’s  departure. 

Network/systems  access  must  be  re¬ 
moved  at  the  same  time.  Based  on  the  in¬ 
ventory  completed  in  Phase  One,  you 
should  know  all  the  network  devices  the 
employee  controls.  You’ll  need  an  IT  pro¬ 
fessional  to  handle  the  task  of  disabling 
access  and  changing  passwords  on  those 
devices.  A  second  person  might  be  re¬ 
quired  to  disable  network  access  and 
change  passwords  to  operating  systems. 

Application  access  also  needs  to  be  dis¬ 
abled  and  passwords  changed  on  all  the 
privileged  accounts  the  administrator  uses. 

Execute 

Executing  the  plan  requires  that  all  the 
management  and  personnel  resources  are 
available  to  complete  the  termination 
process.The  timing  of  the  event  is  in  your 
control  unless  the  employee  or  contractor 
has  violated  a  law  or  policy  that  requires 
immediate  dismissal.  If  you  can  pick  the 


time,  midweek  is  best  because  technical 
resources  are  more  readily  available  to 
deal  with  any  operational  issues. 

Document  all  assignments  and  whom 
you’ve  chosen  to  complete  each  task. 
Record  all  activity  in  a  log  and  create  a 
report  that  is  turned  into  senior  manage¬ 
ment.  Begin  executing  the  plan  the 
evening  before  or  early  the  day  that  the 
systems  administrator  will  be  terminated. 

Follow  all  human  resources  policies  and 
procedures  and  use  the  termination- 
process  notification  and  exit  interview  as 
an  opportunity  to  ask  if  the  employee  or 
contractor  set  up  any  devices,  software  or 
accounts  that  aren’t  documented.  Im¬ 
mediately  disable  or  change  any  that  you 
identify  Be  civil  and  polite  during  this 
process,  and  maintain  your  professionalism 
at  all  times. 

Tell  the  employee  that  this  was  a  business 
decision  and  that  your  concerns  are  about 
the  safety  and  security  of  the  company’s 
information  resources.  Escort  or  remove 
the  terminated  employee  according  to 
human  resources  policies  and  procedures. 

Monitor 

Monitoring  should  begin  immediately 
once  all  access  is  removed  and  the  termi¬ 
nated  employee  has  been  notified.  Pay  par¬ 
ticular  attention  to  the  privileged  accounts 
for  usage  and  access  to  the  devices  for¬ 
merly  under  the  employee’s  control.  Any 
use  of  those  accounts  should  be  consid¬ 
ered  suspicious  and  investigated  thor¬ 
oughly  Many  intrusion-detection  systems 
(IDS)  will  consolidate  the  audit  and  log 
files  of  various  devices  and  software.  The 
IDS  can  monitor  the  trends  of  all  usage  of 
privileged  accounts. 

Even  in  the  best  of  circumstances,  a  sys¬ 
tems  administrator’s  dismissal  and  the 
clean-up  process  can  be  lengthy  and  labo¬ 
rious.  With  a  proper  process  in  place  you 
can  reduce  the  risks  associated  with  such 
a  termination  and  minimize  the  stress  on 
all  involved. 

Howell  is  a  consultant  and  Lawson  is 
managing  consultant  for  the  security  prac¬ 
tice  of  Greenwich  Technology  Partners,  and 
both  are  also  Certified  Information  Systems 
Security  Professionals.  They  can  be  reached 
at  fhoweIl@greenwichtech.com  ana 
dlawson  @ greenwichtech.com,  respective! . 


Eliminating  access 


Here’s  how  to  make  sure  the  departing  employee  doesn’t 
walk  off  with  the  keys  to  the  kingdom. 


Physical  security 
Have  employee  surrender: 

-ID  badges. 

-Swipe  or  access  cards. 
-Keys. 

-Smart  cards  or  tokens. 

-All  other  company 
property. 

□  Change  all  the  locks  on 
doors  with  keys. 

□  Change  combination  locks. 


Network/systems  access 

□  Disable  or  change 
passwords  on  all  network 
devices. 

□  Remove  from  network 
access  lists: 

-Modem  pools. 

-ISDN  pool. 

-VPN  servers. 

-In-bound  network  access 

(SSH,  telnet,  rlogin). 

-Cable  modem  access. 

Application  access 

□  Disable  or  change 
passwords  to  NT  domains, 
Unix  domains  and  all 
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The  ATTO  Diamond  RAID  St  cl 
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A  primary  storage  array  with 
industry-leading  performance, 
capacity  and  high  availability 
at  a  price  you  can  afford 


A  near-line  storage  solution 
offering  all  the  benefits 
of  on-line  storage 
without  the  cost 


Diamond  VT  (Virtual  Tape) 
Lightning-fast  backup 
&  restores 


ATTO  diamond  RAID  Storage  Array 


Up  to  7.2  Terabytes  in  a  3U  enclosure  with  performance  up  to  240  MB/sec. 


Power  Behind  the  Storage 

SAID  storage  arrays  •  Fibre  Channel  bridges  •  IP  bridges 
•  SCSI  and  Fibre  Channel  host  adapters 
ribre  Channel  hubs  •  SAIM  connectivity  software 


716.691.1999 

attotech.com/nwd 


ATTO 


ATTO  Technology,  Inc. 


■'WSQ 


||||  Selecting  the  right  components  for  your 
network  is  often  a  challenging  decision. 

With  our  AlterPath  PM8,  you  can  remotely 
re-boot  your  system  with  just  a  few  mouse  clicks.  Yk; 

By  integrating  the  AlterPath  PM8  with  our  Jk 

award-winning  AlterPath  ACS,  you  combine 
power  and  console  management.  Now  you  can 
command  all  your  infostructure  with  secure  authentication  !| 
and  bulletproof  encryption  as  demanded  by  todays' 
mission-critical  applications  all  in  one  single  session  -  anytime,  anywhere 
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AlterPath  PM8 
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Integrated  Power 
and  Console 

Console  and  power  control  from  one  session, 
no  need  to  memorize  ports  and  addresses 

II 

Security 

SSH  v2,  strong  authentication,  encryption  and 

IP  filtering  on  both  power  and  console  access 

K 

Daisy  Chain 

Daisy  chain  power  distribution  units  to  control 
any  number  of  devices  from  a  single  serial  port 
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'Best  Hardware  for 
Linux  since  1995' 


www.cyclades.com/ nw 

1 .888. cyclades 
sales@cyclades.com 


cyclades 


©2003  Cyclades  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  images  ore  property  of  their  respective  owners.  Product  information  subjed  to  chonge  without  notice. 


60 

mm 


J 


NetworkWorld 

“  THE  HUB  OF  THE  NETWORK  BUY 


BP 


rUltraUn.k 


UltraLink™ 

TE  KVM  ACCESS  OVER  IP 

Connect  to  remote  computer  over  Ethernet  or  dial-up 
Single,  dual,  quad  models 

Local  KVM  port  to  access  computers  at  UltraLink  unit 

Modem  port  with  dial-back  security 

Up  to  1 280x1024  resolution,  supports  all  platforms 

Easy  to  install,  give  it  an  IP  address  and  run  the 
remote  client,  no  licensing  required 

Scaling  of  computer  image  reduces  amount  of  data 
sent  and  permits  fast  screen  updates  over  slow  links 

Quad  screen  mode  allows  you  to  see  four  servers 
from  one  screen 

SSL  security  and  passwords  prevents  unauthorized 
access 


Rose  Electronics  •  10707  Stancliff  Road  ■  Houston,  Texas  77099 


CrystalView™  Pro 

DIGITAL  KVM  EXTENDER 

OVER  FIBER  OR  CAT  5 

♦  Extends  KVM  signals  up  to  33,000 
feet  away 

♦  Uses  only  two  fibers  or  single  Cat  5 

♦  Supports  DVI/VGA,  PC,  Sun,  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1 200  resolution 


CrystalView™  Rack 
CAT 5 KVM  EXTENDER 

♦  Extends  the  distance  from  6  or  1 2 
PC's  up  to  1 000  feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1600x1200  resolution 


CrystalView™ 

CAT 5  KVM  EXTENDER 

♦  Extends  your  KVM  station  up  to 
1 000’  from  your  computer 

♦  Supports  PC,  Sun,  or  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600  xl  200  resolution 

♦  Available  as  standalone,  rack 
mounted,  or  high  density  chassis 


CrystalView™  Mini 
CAT 5 KVM  EXTENDER 

♦  Extends  KVM  station  up  to  150 
feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1280x1024  resolution 


USA  toll  free  800  333  9343 
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ROSE  Europe  +44(0)1264  850574 
ROSE  Asia  +65  6324  2322 
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COMPLETE  REMOTE  KVM  CONTROL  VIA  TCP/IP 


BEST  OF  INTEROP 

NETWORLD  INTEROP 


O  CRN 


2003  Winner 

of  the  Best  Of  Show  Award 


Extend  Your  IT  Reach  Beyond  The  Server  Room 


Kaveman  1 6  -  Allows  up  to  6  simultaneous 

users  connecting  16  servers 


How  does  Kaveman  work 


Mouitoring  Configuration 


Remote  Keyboard,  Video  and  Mouse  Access  via  Web  Browser 

You  can  access  to  the  BIOS  level  of  your  servers  or  serial  devices  anytime, 
anywhere  with  full  KVM  control  via  a  Web  Browser  or  VNC. 

24/7  Automatic  Server  Monitoring 

Kaveman  monitors  server  functions  and  notifies  you  before  any  server 
problems  become  critical. 

Highly  Secure  Deployment 

Kaveman  utilizes  128-bit  SSL  encryption  for  all  keyboard  and  mouse  data 
and  supports  SSH  and  VPN  environments.  In  addition,  Kaveman  offers 
specialized  security  features  including  the  Turtle  mode  and  Stealth  mode. 

Non-IntrusiveTo  Your  Network  Environment 

As  a  stand  alone  device  that  requires  no  additional  software  or  hardware 
to  install,  Kaveman  minimizes  the  potential  impact  on  your  servers. 

Remote  Power  Cycling 

You  can  power  cycle,  turn  on/off  any  connected  device  over  IP  simply 
using  a  common  Browser. 


The  Engine  of  Innovation 


www.digitalv6.com  1-866-922-2333 


Mention  Promotion  Code  ‘NETWORK  WORLD’  when 
purchasing  the  Kaveman. 


in  Rem  te  Reboot  AC  or  DC  Power  Management 


Don't  let  server  lock-up  knock  you  off  the  mountain.  Spectrum  Control's 
SMARTstart  power  distribution  units  with  remote  power  management 
capability  allow  you  to  monitor,  sequence  and  reboot  your  servers  and 
network  equipment  from  any  remote  location. These  AC  or  DC  rack 
mounted,  off-the-shelf  solutions  feature  several  methods  of  communication, 
including  advanced  Web  Browser  access  and  greater  power  management 
than  you  ever  imagined. 

•  Reboot  via  telnet  and  other  convenient  interfaces 

•  Lower  costs  through  reduced  network  downtime  and  field  service  visits 

•  SMARTstart  PDU's  offer  customization  and  are  upgradable 

•  Menu-driven  user  friendly  interface  and  secure  password  protection 

•  Global  access  to  monitor,  reboot  and  sequence  outlets 

•  Email  alerts  &  SNMP  Traps  for  immediate  system  status  notification 

ALL  AT  AN  UNBELIEVABLE 
OUT-OF-THE-BOX  PRICE! 


To  learn  more  call  814-474-2207 
or  for  online  data  sheets .  go  to  h 
www.spccpowe  r.com/ ririiio  t  c2  2 


We're  looking  for  Resellers  (VAR'S) 
and  Distributors  to  join 
our  SMARTcirde 
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5  Sterling  •  Irvine  •  Californio  926  1  8-25  1  7 


"Keeping  the  Net.. .Working!" 


Yes,  you  can  Switch 
Power  over  the  Internet 


www.wti.com 


(800)  854-7226 


Servers,  routers,  and  other  electronic  equipment  sometimes 
“lock-up,”  often  requiring  a  service  call  to  a  remote  site  just  to  flip 
the  power  switch  to  perform  a  simple  reboot... 

The  NBB  “Mini”  Boot  Bar  Power  Switch,  gives  you  the  ability  to 
perform  this  function  from  anywhere! 

■  Web  Browser  Access  for  Easy  Operation 

■  Telnet  and  Serial  Access 

■  Encrypted  Password  Security 

■  Five  Individual  Outlets 

■  Power-up  Sequencing 

■  On  /  Off  /  Reboot  Switching 

■  Versatile  Zero  U  Mounting 


awn  Network  Uool  liar 

RFR 

j  Fie  {■<#  Yew  Fjv antes  Tool*  yelp 

§§ 

NETWORK  BOOT  BAR 

LOCATION:  NBB  Live  Demo  Unit 

SWITCH  PANEL 

Firmware  Version;  1.01 

Plug  Name 

Status 

On 

Off 

Boot 

1  Server_l 

Tow  i 

r 

r 

r 

2  Server_2 

(jsD 

r 

r 

r 

3  Hub 

1  on  i 
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4  Router 

Ton?,] 

r 

r 

r 

5  Modem 

fowl 

r 

r 

r 

All 

r 

r 

r 

Plugs 

Setup  |  Log  Out  | 

Refresh  | 

Apply;.] 

Cancel  | 

Get  instant  vision  into  your  network 
with  one  essential  tool. 


LinkRunner  is  your  fastest  possible  antidote  for 
trouble  calls  on  drops.  Plug  it  into  a  poet  and  quicker 
than  lightning  strikes,  LinkRunner  verifies  link  and 
speed/duplex  settings.  One  button  auto-pings  to  test 
connectivity  to  and  from  key  network  devices.  Tests 
patch  cords  and  cable  for  faults  and  length.  And 
LinkRunner  is  totally  user-friendly  -  no  training  required! 
When  you  see  how  easy  this  network  multimeter  is  to 
work  and  how  much  more  productive  it  can  make  you 
and  your  crew,  you  won't  want  to  go  to  work  without 
one  in  your  pocket. 


LinkRunner  is  part  of  a  family  of  network  support  tools. 
Find  the  right  tool  to  fit  your  needs  with  the  interactive 
selection  guide  at  www.flukenetworks.com/toolguide. 


LinkRunner m 
Network  Multimeter 


ORKSUPERVISION 


•2003  Ruke  Corporation.  All  rights  reserved.  01776 
Other  products  mentioned  herein  are  the  property  of  their  respective  owners. 
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SSH  or  Out-Band  Access  to 
Consoles  at  R  emote  Locutions 


■  Secure  Shell  (SSHv2)  Encryption 

■  Simultaneous  SSH  or  Telnet 

■  Non-Connect  Port  Buffering 

■  SYSLOG  Reporting 

■  SNMP  Capability 

■  Any-to-Any  Port  Switching 

■  IP  Security  Features 

■  10/100  Base-T  Ethernet  Port 

■  Port-specific  Password  Protection 

■  Data  Rate  Conversion 

■  1 1 5/230VAC  or  -48VDC  Models 

The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the  Visit  website  fOf  Complete  NetRedCh™  product  line. 

SCM-16  serial  outputs. 


(800)  854-7226  •  www.wti.com 

5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 


western  telematic  incorporated 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


Observer 
* 995 


Expert 
Observer 
$ 2895 


Observer 

Suite 

$3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 
Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


NETWORK 

INSTRUMENTS 


Br-  i 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot”  logo  are  registered  trademarks  of  Network  instruments,  LLC 
All  other  trademarks  are  property  of  their  respective  owners. 
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*s  Your 
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Verify  Amps  Used  per  Circuit 
with  Sentry  Input  Current  Monitor 

•  Precisely  measure  the  current,  in  amps, 
for  each  power  circuit 

•  Prevent  overloads  on  existing  power  circuits 

•  Reduce  costs  for  additional  power  circuits 

•  Overcurrent  alarms 

•  Remote  Measurement  via  IP  or  RS-232 

•  Local  Measurement  via  digital  display 

Sentry  Power  Tower.  Equipment  Cabinet  Solutions. 


Server  Technology,  Inc. 


1040  Sandhill  Drive  Reno,  Nevada  8951 1  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 


dtSearcn 


Instantly  Search 
Gigabytes  of  Text 

♦  Search  across  networks,  intranets,  and  web  sites 

♦  Publish  large  document  collections  to  web  or  CD/DVD 

♦  over  two  dozen  indexed,  unindexed,  fielded  and  full-text  search  options 

♦  highlights  hits  in  HTML  and  PDF  while  displaying  embedded  links,  formatting  and  ITi'Miia 

♦  converts  other  file  types— word  processor,  database,  spreadsheet,  email,  ZIP,  XML, 
Unicode,  etc.— to  HTML  for  display  with  highlighted  hits 

♦  developer  products  have  easy  wizard-based  setup;  optional  API 


“Searches  at  blazing  speeds” 

-  Computer  Reseller  News 
Test  Center 

“intuitive  and  austere  ...  a 
superb  search  tool”  -  PC  World 

“Very  powerful ...  a  staggering 
number  of  ways  to  search” 

-  Windows  Magazine 

“Blindingly  fast”  -  Computer  ^ 
Forensics:  Incident 
Response  Essentials 

“A  powerful  text 
mining  engine  ... 
effective  because 
of  the  level  of 
intelligence  it  displays 
-PCAI 

dtSearch  “covers  all  data 
sources ...  powerful  Web- 
based  engines”  -  eWEEK 

5eewww.dtsearch.com  for: 

♦  developer  case  studies 

♦  fully-functional  evaluations 

1  -800-IT-FINDS 

sales@dtsearch.com 


In  the  past  year  alone,  over 
half  of  the  current  Fortune  10 
have  purchased 
developer  or 
network  licenses. 


Desktop 

♦  $199 


Spider 

♦  included 
with  Desktop, 
Network  ond 
Web 


Network 

from  $ 800 


The  Smart  Choice  for 
Text  Retrieval  since  1991 


Intrusion  Prevention 
for  Microsoft  Web  Servers 


SecurellS™  Web  Server  Protection 

•  Requires  No  Signature  Database  Updates  •  Shields  Against  All  Classes  of  Attack 

•  Simple,  Powerful  GUI  •  Protects  Without  Disabling  IIS  Functionality 

•  Central  Policy  Management  •  RFC  Compliancy  Checking 
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•  :Oiid  a  FREE  Whitepaper  and  FREE  Trial  of  SecurellS: 
.  com/FreeSecurellS  or  call  866.282.8276 


ity  for  blocking  known  and 
Microsoft  IIS  servers. 


CISCO  NORTEL 


Nortel  Baystack 
450-24T  Switch  Reg.  $695 


Cisco 

WS-C1 924C-EN  Reg.S350 


Nortel  Baystack 
310-24T  Switch  Reg.  S29S 


Cisco  2501 


Fax  Equipment  List 
To  801-377-0078 

N&RTEL 

NETWORKS 

BayNetworks^ 

WHM 

caaeiRon 

-  tr.fFms 


NEW  • 


/  BUY  •  SELL 


888-8LANWAN  ££% 

Call  for  Free  Quote!  (888-852-6926)  www.nle.com 


iruMi 


For  tv>o re  information 
on  ajs/ertmn^  In 
^e*wo rk  Worlds  Marketplace: 
800-611-1108 
</r_ja(es©nww.coiv> 
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^  Attention  Resellers! 


SECUREMATICS 

The  Right  decision  for  Security  Products 

Best  Source  for  SONICWAU 
Security  Products! 

•  Inventory  on  hand 

•  Aggressive  prices 

•  Added  margins  with  training 

•  Pre  sales-Post  sales  support 

Securematics  is  a  SonicWALL  Authorized  Distributor 
And  Authorized  Training  Partner. 


To  sign  up  for  the  Medaiion  Partner  Program,  please  contact  us. 


Call  -  888-746-6700  sales@securematics.com  www.securematics.com 


OptimumDatalnc. 


toll  free  800  879  8795 
ph:  + 1  402  575  3000 
fax:  +  I  402  575  2011 


www.optimumdata.com 

9  We  $*&§§ 
Used  Cisco 


120  Da^^c 

Cisco  •  Paradyne  •  ADTRAN  •  Sun  •  Extreme  Networks 

_  -  .2  «.  a  — 


ewan  is  pleased  to  offer  all  new  clients  One  Month  of  Internet  Bandwidth,  absolutely  free!  Simply  contact  one  of  our  representatives  for  details 


Facilitie 


arrier 


949-851-7190 

rtrt  fUn  lalAk  A  ♦  *  laninal  Aiaa  A  ra  i  AAm  V  O  tr  nm  All  ale*  o  ♦  ■  c  ailAP/^Ataf  Anl  AAm 


On  the  web  at:  www.ewan1.com  i  Or  email  us  at:  sales@ewan1.com 


1700  E  Garry  Ave  •  Suite  203  •  Santa  Ana,  CA  •  92705  •  Fax  949-852-2644 


Local  loop  3nd  co-iocation  costs  not  nduded  Client  ts  response#  for  local  loop  and  cofocatxxi  costs. 


-  . 


Contact  these  companies  today  to  help  you  with  your  training  needs! 


|  MeasureUp 

(678)  356-5000 
I  www.measureup.com 
Certification  Practice  Tests 


!  Transcender 

(615)  726-8779 
I  www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


Learnkey,  Inc.  ^ 

(800)  865-0165 
I  www.leamkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 


|  CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
I  www.cbtnuggets.com 
Affordable  training  videos  on  CD. 

MCSE,  MCDBA,  MCSD,  CCNA,  Citrix,  Linux,  A+,  Net+ 


IPexpert,  Ine. 

(866)  225-8064 
|  www.ipexpert.net 
CCIE  (R&S,  SEC,  and  C&S),  CCSP, 
CCNP,  CCNA,  IP  TELEPHONY 


|  Capella  University 

(888)  CAP-ELLA  V 

|  www.capella.edu 

Capella  University:  Offering  accredited  | 
I  online  IT  degrees 


i-j  Aim  J-j'M  Lhihiii  jJa/a 
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NetSmart  Learning  Partner 


We  Buy  New/Used 

CISCO 


714-878-2953 

Call  us  today  to  recover 
your  assets 


You  got  the  gear, 
we  got  the  cash! 


..A- 


Save  40-70%  on  Network  Equipme 


Refurbished  Routers,  Switches, 
Access  Servers  and  Modules. 


Trust  .Value  II 

Quality  Parts. Great  Prices 


^  Trust  the  Experts 

Continental 


Call  today  for  : 
10%  off  1  item  (Up  to  $500.|j 
*New  customers  on/yfij 


www.  con  ticomp.  com 
COMPUTERS *.»<*«  Call  us:  (310)  416-1200 


it  careers.com 


careers 
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Senior  GiS  Developer  sought  by 
information  technology  company 
in  Englewood,  CO  to  work  in 
Westminster,  CO  and  other 
unanticipated  job  sites  in  the 
U  S.  At  a  senior  level,  engage  in 
full  life-cycle  software  develop¬ 
ment  of  Geographic  Information 
Systems  software  for  utilities 
and  communications  compa¬ 
nies.  The  software  applications 
are  client/server  based,  incorpo¬ 
rate  relational  database  man¬ 
agement  systems,  and  utilize 
Windows  NT  or  UNIX  operating 
systems  Analyze  requirements. 
Create  designs  and  design  doc¬ 
umentation.  Code,  test,  debug, 
enhance  and  implement  the 
software  applications.  Complete 
integration  with  customers' 
existing  systems  and  provide 
customer  support  as  needed. 
Use  Java.  C++,  Oracle,  PL/SQL 
and  proprietary  languages  and 
tools  in  the  design  and  develop¬ 
ment  process.  Requires  bache¬ 
lor’s  or  foreign  equivalent  in 
computer  science  engineering 
(including  electronics  and  com¬ 
munications  engineering)  geog¬ 
raphy  or  related  field.  Three 
years  experience  in  designing 
and  developing  Geographic 
Information  Systems  software 
applications  in  a  client/server 
environment  for  telecommunica¬ 
tion  and  utility  companies  using 
Oracle,  PL/SQL  and  C++.  M-F; 
8am-5pm;  $82,777/yr.  Employ¬ 
ment  Programs,  PO  Box  46547, 
Denver,  CO  80202  and  refer  to 
C05055570. 


Director,  Global  Development 
Interfaces:  Direct  the  manage¬ 
ment  of  the  design,  develop¬ 
ment  and  implementation  of 
Heidelberg's  global  applications 
and  software  systems  ,  includ¬ 
ing,  but  not  limited  to  managing 
ERP  implementations  utilizing 
multiple  mySAP  solution  compo¬ 
nents  (e  g.  SAP  Enterprise  ver¬ 
sion  and  SAP  BW),  associated 
system  upgrades  and  hotpack 
installations:  the  design,  devel¬ 
opment,  and  administration  of 
Mobile  applications  utilizing 
Microsoft  NET/JAVA  environ¬ 
ment,  MS-SQL  /  SeeBeyond 
middleware,  SAP  R/3,  AS/400 
and  Clarify  as  backoffice  sys¬ 
tems;  the  design  and  imple¬ 
mentation  of  inbound  and  out¬ 
bound  interfaces  connecting 
SAP  R/3  /mySAP  solutions  to 
and  from  various  external  sys¬ 
tems;  the  implementation  and 
support  of  Internet/Intranet 
Business  applications  utilizing 
JAVA/ATG/SAP  technology 
solutions;  and  manage  the 
recruitment,  hiring,  firing  and 
assignment  of  project  man¬ 
agers,  professionals  and  sup¬ 
port  personnel.  Must  have  a 
Master  s  Degree  or  foreign 
equivalent  in  Computer 
Applications  or  a  related  field 
and  three  (3)  years  of  experi¬ 
ence  as  a  systems  engineer  or 
related  field  or  a  Bachelor  s 
Degree  or  foreign  equivalent 
and  5  years  of  experience  in 
systems  engineering  or  a  relat¬ 
ed  field  If  interested,  submit 
resume  to:  Crawford  M.  Scott, 
Heidelberg  Americas.  Inc., 
1000  Gutenberg  Drive, 
Kennesaw,  Georgia  30144 


ENGINEER,  Application 
(DSL).  For  fieldwork  in 
various  location  in  San 
Bernardino  County. 
(Send  resume  to  Chris 
Vallan,  South  Valley 
i  cm  Resources,  Inc. 
1 1 1 '  Kishimura  Dr., 
iG’.iitv/  CA  95020. 


Senior  Research  Scientist.  Re¬ 
sponsibilities  include:  1/  Conduct 
research  in  the  areas  of  pattern 
recognition,  image  analysis,  PDE 
-based  image  processing,  texture 
synthesis,  and  3D  data  process¬ 
ing;  21  Conduct  research  in  the 
areas  of  wireless  data  communi¬ 
cation  and  data  processing;  3/ 
Develop  applications  related  to 
object  extraction,  target  tracking, 
and  image  browsing  and  re¬ 
trieval;  4/  Develop  applications 
related  to  wireless  multimedia 
communication  and  processing; 
and  5/  Help  transition  applica¬ 
tions  to  commercial  products  for 
wireless  platforms.  Including 
BREW,  J2ME,  and  Symbian. 
Requires  Ph  D.  in  Electrical  & 
Computer  Engineering  and  mini¬ 
mum  1  year  exp.  in  Electrical/ 
Computer  Engineering,  inc.  exp. 
with  MFC  programming,  industri¬ 
al-level  software  development, 
and  computer  networks  and  com¬ 
munication.  40  hrs.  per  week, 
8:30  am  -  5:30  pm.  Job  site: 
Raleigh,  NC.  Send  resume  to 
Gary  E.  Ban.  Chief  Operating 
Officer,  Summus,  Inc.  (USA),  434 
Fayetteville  Street  Mall,  Suite 
600,  Raleigh,  NC  27601.  All 
applicants  must  have  the  legal 
right  to  work  in  the  US. 


Dassault  Systemes  Services, 
LLC  is  dedicated  to  helping  its 
customers  realize  the  benefits  of 
3D  product  lifecycle  manage¬ 
ment  (PLM)  solutions. 

We  are  looking  for  consultants  to 
analyze  our  manufacturing 
clients  needs  and  configure 
solutions  using  the  Dassault 
family  of  PLM  software. 
Consultants  will  work  on  site  at 
customer's  locations  and  will  be 
required  to  travel  throughout  the 
United  States  60%  of  the  time.; 
implement  PLM  software;  and 
provide  technical  support. 
These  positions  require  a 
Bachelor's  degree  in  Mechanical 
Engineering  or  a  closely  related 
field  and  experience  with  PLM 
software. 

Dassault  Systemes  Services, 
LLC  promotes  a  work  environ¬ 
ment  that  focuses  on  integrity, 
teamwork  and  fun.  If  you  quali¬ 
fy,  please  send  your  resume 
indicating  the  position  of  interest 
to:  Dassault  Systemes  Services, 
LLC,  10926  David  Taylor  Drive, 
Suite  300,  Charlotte,  NC  28262. 

We  are  an  equal  opportunity 
employer. 


Software  Enggs.  to  lead  teams 
to  design,  develop/maintain  web 
appls  using  Java,  J2EE, 
Servlets,  ASP,  EJB,  HTML, 
JavaScript,  JSP,  VB,  SQL 
Server,  etc  on  Windows  &  UNIX 
OS;  provide  training  &  user  sup¬ 
port  for  the  systems  and  related 
appln  internally  &  to  clients; 
debug  and  modify  existing  soft¬ 
ware.  Require:  MS  or  foreign 
equiv  in  Comp.  Sci  /  Comp. 
Engg.  &  1  yrexp.  in  IT.  Full  time. 
High  Salary.  Travel  involved. 
Respond  by  mail  to  HR,  ABZ 
Consulting,  Inc.,  2600  Century 
Prkwy,  Ste  100,  Atlanta,  GA 
30345. 


Software  Engineer 
Develop  &  modify  customized 
computer  applications  including 
RDC  and  Oracle  Clinical.  Use 
UNIX,  shell  script,  c/C++/Java 
programming,  PL/SQL, 

DYNAMIC  SQL.  Work  with  DBA 
on  performance  tuning,  data¬ 
base  layout  and  design.  Define 
functional  requirements,  detail 
design  requirements,  document 
programs  as-built.  Production 
support,  including  backend  data¬ 
base  corrections  and  customer 
support.  Req  5  yrs  prev  exp 
Send  resume  to  BLC 

Consulting,  Human  Resources. 
26  Jefferson  Court, 

Wethersfield,  CT  06109. 


Network  Engineer  in  Stamford 
CT-Mgmt  of  deployment  & 
implmtn  of  various  Exchange 
5.5  server/Exchange  2000  serv¬ 
er  solutions;  in  Win  2000/NT 
envrmt;  day  to  day  Exchange 
server  admin.  Admin  of  server 
based  applies.  Admin  of  Cisco 
Routers  connecting  branch 
offices  &  Virtual  Private 
Networks  (VPN)  appliances  for 
remote  uses.  Maintenance  & 
troubleshooting  of  Raptor 
Firewall  &  Nokia  appliance  run¬ 
ning  Checkpoint  Firewall  systms 
for  network.  Perl  &  CGI  prgmg 
for  custom  s/ware  applic.  Bach 
in  Comp  Sci  or  Engg  or  its  for¬ 
eign  academic  equiv  +  2  yrs  exp 
in  job  offd.  Res:  Evero  Corp., 
David  Jacobson,  185  Hillside 
Ave,  NY,  NY  11596  or  Fax:  516- 
747-8383. 


Telecomm  co.  in  Framingham, 
MA  seeks  Embedded  Software 
Engineer  to  develop  real-time 
embedded  telephony  systems, 
including  program  digital  signal 
processors  for  modem  trans¬ 
port/voice  coding  and  embed¬ 
ded  control  processors  for  hard¬ 
ware  control/encoded  media 
packetization.  Must  have  BS  in 
Electrical,  Electronic,  or  System 
Eng.;  2  yrs  software  develop¬ 
ment  exp.,  including  experience 
with  embedded  software  devel¬ 
opment,  C,  and  assembly  for 
control/signal  processors; 
knowledge  of  Internet  Protocols 
for  media  transport  in  telephony 
applications.  Salary  $81, 730/yr. 
Submit  2  resumes  to  Case 
#200202669,  Labor  Exchange 
Office,  19  Staniford  Street,  1st 
fl.,  Boston,  MA  02114. 


Multiple  openings  for  Prog/Sys 
Analysts,  S/W  Engineers  to 
design/develop  S/W  appls  using 
some  of  the  foll-COGNOS, 
datawarehousing;  Cobol,  CICS, 
DB2;  Java,  PB,  HTML,  XML; 
C++,  VB,  Oracle,  Dev  2000; 
wireless,  web,  OO  technologies; 
SAP,  ABAP/4;  Oracle/Sybase/ 
Informix  database  admin; 
Unix/NT  system  admin.  BS/MS 
or  foreign  equiv.  in  CS,  Engg, 
Science,  Math, Business  or  relat¬ 
ed  field  and  relevant  exp.  High 
salaries,  F/T.  Travel  involved. 
Respond  to:  HR,  Smartsoft 
International,  Inc.,  4898,  South 
Old  Peachtree  Road,  Ste  200, 
Norcross,  GA  30071. 


Programmer  of  web-based 
applns.  in  Visual  Basic,  C++  and 
Access  Interactive  Web  Design. 
Maintain  company's  mail  order 
catalog  system;  develop  new 
modules;  custom  reports  to 
assist  mktng.,  finance  and  ship¬ 
ping  using  Pick  Database;  inte¬ 
grate  off-line  processing/  online 
ordering  systems;  maintain  Unix 
Server  on  Pick  platform,  work¬ 
stations,  networks  and  add 
users.  BS  in  CS  or  Equivalent  & 
3  yrs.  exp.  in  job  duties  or  5  yrs. 
exp.  in  job  duties  w/o  college 
degree.  Apply  to:  HR,  Atlanta 
Cutlery,  2147  Gees  Mill  Road, 
Conyers,  GA  30013  with  proof  of 
permanent  work  auth. 


Systems  Analyst:  Design  soft¬ 
ware  programs  for  company  in 
the  area  of  accounting;  Creates 
&  maintains  company  database; 
Designs  &  maintains  the  Internet 
&  e-business  strategy  &  the 
website  of  the  company;  Works 
w/Macromedia  flash  &  Photo¬ 
shop;  Works  w/ASP  &  cold 
fusion;  Works  w/SQL  server  7.0- 
BS  in  Computer  Information 
Systems  &  2  yrs  of  exp.,40-per 
wk.  9-6PM,  Fax  resume  to: 
Alexander  Motors  Int.  Corp 
Attn:  David  Adrian  Soae  (305) 
649-9932 


COMPUTER 

PricewaterhouseCoopers  LLP’s 
GRMS  practice  has  opportuni¬ 
ties  available  for  experienced 
professionals  in  the  area  of 
Computer  Security  Systems 
Integration.  Positions  require  a 
bachelor's  degree  (master's  pre¬ 
ferred)  and  2  to  4  yrs  related 
exp.  Additional  qualifications 
needed  include  experience 
using  LDAP  directories, 
RDBMS,  UNIX/Solaris,  NT  Web 
Security  Tools,  web  server 
installation  and  configuration, 
firewalls,  routers,  load  balancing 
and  HTML,  JSP,  ASP,  C++,  & 
Perl  language.  Job  site/location: 
New  York,  NY.  Interested  candi¬ 
dates  please  reference  job  code 
549PBG  &  mail  resume  to  David 
J.  Decarlo.  10  Tenth  Street  NW, 
Suite  1400,  Atlanta,  GA  30309. 
No  phone  calls  please. 
Employer  will  only  consider 
applicants  authorized  to  work  for 
any  employer  in  the  U.S. 


Microsoft  Certified  Trainer  - 
Solartech  is  seeking  a  FT  MCSD 
NET  trainer  with  3  yrs  exp  with 
BS  in  CS/MIS  or  equivalent  field. 
Candidate  must  have 
MCAD/MCSD  for  .NET  certifi¬ 
cates  and  valid  MCT  status;  exp 
in  full  life  cycle  development  of 
Microsoft  .NET  technology. 
Strong  web  based  application 
development  exp  is  a  must  (2 
domain  names).  Programming 
skills.  Access,  Flash,  XML,  web 
service,  ASP  ASP.NET,  VB 
Script,  Java  Script,  Com/DCOM, 
Java,  SQL  Server,  C++,  C#, 
Candidate  will  be  involved  in 
coordinating  all  aspects  of  a  new 
MCSD  training  course.  Strong 
communication  skills  is  a  must. 
Pis  fax  resume  with  salary  reqs 
to  (201)8079815  (prefer)  or 
career@solartechnj.com;  Job 
code:  CT025 


Computer  Programmer,  Printers 
Manufacturer.  Must  have  a 
Bachelor's  Degree/equiv.  in 
related  field,  and  2+  yrs  IT  exp. 
Plan,  develop,  test,  and  docu¬ 
ment  programs.  Evaluate  user 
requests  for  new  and  modified 
programs  for  business  applica¬ 
tions  using  knowledge  of  Visual 
C++,  Visual  Basic. Net,  ASP, 
.NetFramework,  and  SQL 
Server  2000.  40  hrs/wk,  9-5. 
Competitive  salary.  Send 
resume  to:  Prism,  Inc.,  1950 
Evergreen  Pkwy.,  Ste.  500, 
Duluth,  GA  30096. 


Network  Security  Administrator. 
Install,  config,  maintain  LAN, 
WAN.  Internet.  Maintain  internal 
&  external  Web  presence. 
Admin,  networks,  maintain  hard¬ 
ware  &  software,  &  perform  syst 
&  server  backups.  Design,  sup¬ 
port,  maintain  server  syst  &  soft¬ 
ware.  Monitor  &  assure  network 
user  availability.  Plan,  coord,  & 
implement  security  measures  to 
regulate  access  &  prevent  unau¬ 
thorized  use  or  modification. 
Institute  &  apply  EDI  protocols 
for  B2B  communication.  BS  +  2 
yrs  exp.  Send  resume  to  DSS 
Enterprises,  1932  Valewood 
Cir.,  Hoover,  AL  35244. 


PROGRAMMER/ANALYST 
(Manh).  Develops  business 
applications  relating  to  internet, 
pharmaceutical,  business, inven¬ 
tory  control, insurance,  human 
resources,  and  invoicing. 
Knowledge  of  Visual  Basic, 
Crystal  Reports.  Sybase  SQL 
11,  SQL-Programmer,  ERwin 
API,  Active  X,  Windows  NT, 
Unix,  MS  Access,  Cognos 
Impromptu  8  S.  Comp. Science 
2  yrs.  exp  $87,776/yr.  9AM- 
5PM.  M-F,  40  hrs/wk.  Send 
resume  or  letter  describing  qual¬ 
ifications  in  duplicate  to: 
SAH1591.PO  Box  703.New 
York.  NY  10014-0703. 


Distributed  Applications 
Developer.  Advanced 
level  position  in 
Chicago.  Send  resume 
to  Buck  Consultants, 
Inc.  Attn:  J.  Perez,  500 
Plaza  Drive,  Secaucus, 
NJ  07096.  Must  use 
Ref#DAD-3  EOE. 


Prog  Analysts  to  analyze, 
design  s/w  appls  using  SAP  R/3, 
ABAP/4,  C,  C++,  Java,  VB, 
JSP,  JScrlpt,  HTML  on 
UNIX/Windows  os;  gather/docu¬ 
ment  reqs  from  user  community; 
test/troubleshoot  project  appl 
code  according  to  system  objec¬ 
tives.  Require  a  B.S.  or  foreign 
equivalent  in  CS/Engg  (any 
branch )with  2  yrs  exp  in  IT.  High 
salary.  F/T.  Travel  involved. 
Resume  to  HR.  Smartsoft 
International,  Inc.,  4898,  South 
Old  Peachtree  Rd,  Norcross, 
GA  30071. 


Staffing  Tree,  LLC  has  openings 
for  System  Analyst,  IT  consul¬ 
tants/recruiters.  BS  or  equivalent 
required.  Exp.  in  Oracle,  Java, 
C/C++,  SQL  &  IT  placement/mar¬ 
keting  preferred.  Travel  required 
for  some  positions.  We  sponsor 
green  card.  Please  contact  deb- 
das@staffing-tree.com. 

EOE. 

IT  professionals  (programmers/ 
system  analysts,  software  engi¬ 
neers)  wanted  by  Advanced 
Technology  Group  USA. 
Minimum  requirement  is  BS. 
Skills  in  Java,  Oracle,  SQL, 
HTML,  WebLogic.  JSP,  VB,  EJB 
are  strong  plus.  Please  send 
resume  to  info@atgusainc.com. 
EOE 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis/Collierville.  TN:  Senior  Bus¬ 
iness  Application  Analyst.  Act  as 
liaison  between  technical  devel¬ 
opers  and  users/customers. 
Requirements:  Bachelor's  degree 
or  equivalent'  in  computer  sci¬ 
ence,  math,  statistics,  business  or 
related  field  plus  5  years  of  expe¬ 
rience  in  analyzing  business  sys¬ 
tems  and  developing  technical 
automated  solutions  Experience 
with  software  development  life 
cycle  process  and  SQL  also 
required.  'Master's  degree  in 
appropriate  field  will  offset  2  years 
of  general  experience.  Submit 
resumes  to  Sibi  George,  FedEx 
Corporate  Services,  1 900  Summit 
Tower  Blvd..  Suite  1400,  Oriando. 
FL  32810.  EOE  M/F/D/V. 


Program  Manager 
Smarte  Solutions,  Inc.  seeks 
Special  Projects  Program  Mgr  in 
Austin,  TX.  Manage  special  pro¬ 
jects  for  customized  implemen¬ 
tation  of  technologies.  Customer 
interface.  Code  conversion 
using  VC++,  MFC,  +  Vis  Basic. 
Work  w/web-based  applies,  e- 
commerce  systems,  SQL,  CD 
standards,  encryption  &  anti¬ 
piracy  methodologies  incl  ISO 
9660  +  DPP  protocol  specs. 
Must  have  BS  in  Comp.  Sci  +  1 
yr  relevant  exp.  Resume  to 
Smarte  Solutions,  611  S. 
Congress  Ave.  Suite  350, 
Austin.  TX  78704. 


Computer  Support  Specialist  - 
Multimedia.  Develop  multimedia 
patient  education  courseware 
using  Flash  5  and  Authorware. 
Design  graphics  using  Adobe 
Photoshop.  Develop  online  and 
standalone  training  delivery  sys¬ 
tems  using  ASP,  SQL,  Java, 
Visual  Basic,  and  Authorware. 
Integrate  and  test  courseware 
and  delivery  systems.  Must 
have  Bachelor's  in  Computer 
Science,  Mathematics,  MIS  or 
related,  and  knowledge  of 
Macromedia  Flash,  Authorware. 
Adobe  Photoshop,  Java,  ASP. 
Visual  Basic  &  SQL.  Send 
resume  w/  cover  letter  to  Dr. 
Moe  Ajam,  Patient  Education 
Institute,  Inc.,  2600  Crosspark 
Rd.,  Coralville,  IA  52241. 
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LogicaCMG  has  an  opening  in 
its  Dearborn.  Ml  office  for  a 
Software  Engineer  to  convert 
data  from  mainframe  Legacy 
systems  to  Datawarehouse  on 
Teradata  &  SQL  server.  Must 
have  a  Bachelor's  degree  in 
Computer  Science  and  1  year  of 
experience  in  software  applica¬ 
tions,  including  experience  with 
Queryman,  Data  Modeling,  Data 
Warehousing  Concepts  and 
Citrix  Nfuse.  Interested  candi¬ 
dates  should  send  resume  to 
Ref.  SE,  Kathleen  A.  Boyle. 
Executive  Assistant  for  Human 
Resources,  LogicaCMG,  32 
Hartwell  Avenue,  Lexington,  MA 
02421. 


Prog.  Analysts  to  analyze, 
design,  develop  network  securi¬ 
ty  s/w  using  VC++,  C++,  SQL 
Server,  MS  Access,  IBM  Visual 
Age,  Apache  Web  Server,  etc. 
under  Windows/UNIX  os; 
design  server  side  Java 
Components,  GUI  using  JScript, 
JSP,  Servlets,  HTML,  etc; 
design  and  optimize  database 
using  JDBC.  SQL,  ODBC,  etc; 
develop  encription  schemes; 
deploy,  evaluate,  test  appls. 
Require  BS  or  foreign  equiv.  in 
CS/Computer  Engineering  with 
2  yrs  exp  in  IT  field.  High  salary, 
travel  involved.  F/T.  Resumes; 
HR,  Lancope,  Inc.,  3650 
Brookside  Pkwy,  Suite  400, 
Alpharetta  GA  30022. 


Seeking  qualified  applicants  for  the 
following  positions  in  Memphis/ 
Collierville,  TN:  Senior  Technical 
Analyst.  Research,  evaluate, 
implement  and  coordinate 
changes  to  complex  computer  sys¬ 
tems/applications.  Requirements: 
Bachelor's  degree*  in  computer 
science,  math,  engineering  or 
related  field  plus  5  years  of  experi¬ 
ence  in  systems/  applications 
development,  including  program¬ 
ming.  Experience  with  C  and/or 
C++.  Java  and  Unix  development 
also  required.  "Master's  degree  in 
appropriate  field  will  offset  2  years 
of  general  experience.  Submit 
resumes  to  Sibi  George,  FedEx 
Corporate  Services.  1900  Summit 
Tower  Blvd.,  Suite  1400,  Orlando. 
FL  32810.  EOE  M/F/D/V. 


WHITTMANHART  is  looking  for 
a  Senior  Consultant,  Oracle 
Financial  Applications,  based  in 
Chicago,  IL.  Applicant  must 
have  2  yrs  experience  imple¬ 
menting  Oracle  11  i  using  Oracle 
Application  Implementation 
Methodology  (AIM),  Oracle 
Developer  2000,  Discoverer  and 
Oracle  Workflow.  Send  resume 
to:  Recruiting,  WHITTMAN¬ 
HART,  440  W.  Ontario,  Chicago, 
IL60610.  Reference  job  no. 
03196.  WHITTMANHART  is  an 
equal  opportunity  employer. 


Programmer  Analyst 
Experience  in  all  phases  of  soft¬ 
ware  development  -  Must  be 
able  to  Design,  develop,  test, 
implement  and  customize  busi¬ 
ness  software  applications  using 
UNIX  (AIX,  Solaris  and  HP-UX), 
C++  (Visual  C++  and  C++).  C, 
UML,  Rational  Rose,  SQL, 
ESQL,  PL/SQL  and  JAVA.  Must 
have  used  Oracle  (Various 
Versions),  Sybase  (Various 
Versions)  and  Informix  (Various 
Versions)  for  data  store.  2  years 
experience  on  the  job  with  a 
Bachelor's  degree  in 
Science/Math/Computer/Engg 
Salary  70K.  Shiva  Systems 
5749  Camino  Del  Sol  Unit  206 
Boca  Raton  FL  33433. 


Computer 

Systems  Analyst  in  Trumbull,  CT 
to  design,  develop,  implement, 
maintain,  and  fine-tune 
Windows  NT  as  well  as  tandem- 
based  real  time  systems  operat¬ 
ing  in  Guardian  environments 
using  C/C++,  COBOL,  Java, 
DDL,  TAL,  and  pTAL  program¬ 
ming  languages  and  Non-stop 
SQL,  Enscribe,  Enable  and 
Enform  database  technologies. 
Industry  experience  and  knowl¬ 
edge  in  financial  products,  mar¬ 
ket  data  preferred.  BS  in 
Computer  Science  plus  1  yr. 
exp.  as  Systems  Analyst  or, 
alternatively,  3  yrs.  exp.  as 
Systems  Analyst.  Please  send 
resumes  to:  The  Nasdaq  Stock 
Market,  Inc.  ,  80  Merritt 

Boulevard,  Trumbull,  CT  06611, 
or  send  electronically  to 
careers.ct@nasdaq.com,  ATTN: 
Human  Resources.  Please  ref¬ 
erence  the  following  number  on 
your  resume,  #200306.  We  are 
an  equal  opportunity  employer. 


Prog.  Analysts  to  analyze, 
design,  develop  appls  using 
C++,  VB.Net,  ASP.Net,  Java. 
JSP,  Java  Script,  COM,  Oracle, 
SQL  Server,  IIS,  HTML,  etc. 
under  Windows, UNIX  os;  per¬ 
form  system  &  functional  analy¬ 
sis;  document  development 
process;  test,  debug  and 
upgrade  existing  software. 
Require  candidates  with  BS  or 
foreign  equiv.  in  CS/Engg.(any 
branch)  &  2yrs  exp.  in  S/W  field. 
F/T.  Travel  involved.  Compe¬ 
titive  salary.  Send  Resumes  to: 
HR.  Softrim  Corporation,  3443 
Pine  Ridge  Road,  Naples,  FL 
34109 


Junior  Software  Engineer 
Design  web  pages  by  using 
Cold  Fusion.  Design/develop 
database  using  MS  Access  and 
SQL.  Using  Dreamweaver  & 
Flash  4  as  well  as  HTML- 
DHTML.  Testing  the  functionality 
of  web  pages  and  systems. 
Provide  client  technical  support. 
Test/maintain  software.  Require 
B.S.  degree  in  Information 
Systems  &  familiarity  with  Thai 
culture  &  ability  to  design  web 
pages  in  Thai.  $39,800  Send 
resumes  to  Dept,  of  Workforce 
Services  Attn.  Erlinda  Anderson 
Job  Order  #8065570  140  E.  300 
S.  SLC  UT  84111 


COMPUTATIONAL  ANALYST  to 
develop  numerical  methods, 
perform  statistical  analysis  and 
generate  reports  for  web  traffic 
for  the  company's  hosting 
clients;  optimize  web  traffic 
delivery  with  intelligent  targeting 
algorithms  for  web  ads;  use  sim¬ 
ulation  computation  to  stress 
test  the  company's  network 
servers;  provide  technical  sup¬ 
port  to  clients  in  relation  to  these 
hosting  and  advertising  ser¬ 
vices.  Require:  B.S.  in  Physics/ 
Mathematics/Computer 
Science.  Competitive  salary 
offered.  Apply  with  resume  to: 
Manager,  The  Personnel 
Department,  Inc.,  2971  Flowers 
Rd.  S„  Suite  220,  Atlanta,  GA 
30341. 


Software  Programmer:  Analyze 
&  design  core  business  modules 
using  PowerBuilder,  Visual 
Basic,  SQL  Server,  XML;  write 
stored  procedures;  write  scripts 
&  report  templates  for 
CathSource,  HeartSource,  & 
OrthoSource  applications;  cre¬ 
ate  data  extracts  &  develop  doc¬ 
umentation  for  user's  guide. 
Req  Bachelor's  or  foreign 
degree  equiv  in  CS,  IT  or  related 
plus  2  yrs  work  exp  in  job  offered 
or  in  related  occupation  as 
Programmer,  Consultant  or  any 
suitable  combo  of  edu.,  training, 
and/or  work  exp.  Send  resume 
to  Goodroe  Healthcare 
Solutions,  Inc.  100  Crescent 
Centre  Pkwy,  Ste  720,  Tucker. 
GA  30084  Ref  JB 


SOFTWARE  ENGINEER  (2 
positions)  to  provide  on-site  con¬ 
sultancy  in  design,  develop¬ 
ment,  customization,  testing  and 
maintenance  of  e-commerce 
web-enabled  applications  soft¬ 
ware  using  .Net,  CSharp,  ASP, 
ADO. Net,  ActiveX,  COM/DCOM, 
XML,  VB,  SQL  Server  and  relat¬ 
ed  technologies  on  AS/400;  pro¬ 
vide  software  support  on 
Windows  2000,  Internet 
Information  Server  and  SQL 
Server.  Require:  Bachelor  (or 
equivalent)  in  Computer 
Science/Electronics  Engineering 
and  three  years  experience  in 
the  job  offered  or  any  experi¬ 
ence  providing  skills  in 
described  duties.  40%  travel 
required  to  client  sites  within  the 
United  States.  Salary:  $65,000 
per  year,  40-hour/week,  9  am  to 
5:30  pm,  M-F.  Apply  with  resume 
to:  President,  K2  Technologies, 
Inc.,  2107  Franklin  Drive, 
Papillion,  NE  68133. 


Java  Developer  to  program, 
analyze,  test,  troubleshoot,  and 
develop  web-based  Java  soft¬ 
ware  as  a  front  end  in  multiple 
RDBM  (such  as  Foxpro,  Oracle, 
Interbase  and  Sybase)  legacy 
informational  systems  installed 
in  a  distributed  client  server 
environment  including  imple¬ 
mentation  in  an  intra/internet 
environment.  May  use  tools 
such  as  J  Builder,  J  Developer, 
Weblogic,  Websphere,  JDK, 
EJB,  ETL,  Java  Swing,  Corba, 
Jdbc,  or  XML/XSLT  as  dictated 
by  particular  project  assign¬ 
ments.  Requires  Bachelor’s 
Degree  in  Computer  Science, 
Mathematics,  or  any  Engin¬ 
eering  or  Physical  Science  field 
and  one  year  direct  experience. 
Work  location:  Various  unantici¬ 
pated  client  sites.  Send  resumes 
only,  no  calls,  to:  Perry 
Senaphathy,  Genome  Intern¬ 
ational  Corp.,  583  D'Onofrio  Dr., 
Madison,  Wl  53719. 


IT  Program  Manager:  Lead  busi¬ 
ness  improvement  projects  to 
define  business  requirements, 
detail  functional  and  technical 
specifications,  develop  and 
implement  IT  (process  and  tech¬ 
nology)  solutions.  Work  with 
business  executives  to  identify, 
prioritize  and  scope  IT  initiatives. 
Manage  team  resources  to 
ensure  quality  and  delivery  of 
project  milestones.  Require¬ 
ments  include  a  Bachelor's 
degree  or  equivalent  in 
Business  Management,  Infor¬ 
mation  Technology  or  related 
field  and  four  years  of  pre-  or 
post-degree  experience  in  the 
job  offered  or  related  field  of 
business  process  development. 
Applicants  must  have  unrestrict¬ 
ed  authorization  to  work  in  the 
United  States.  Salary  $99,413/ 
year.  40  hours/wk.  Respond 
with  two  copies  of  resume  to 
Case  #200203025,  Labor 
Exchange  Office,  19  Staniford 
St.,  1st  Fl„  Boston.  MA  02114 


PROGRAMMER  ANALYST 
(Hackensack,  NJ)  to  analyze, 
dsgn,  dvlp,  implmt,  test,  edit  & 
create  documentation  &  main¬ 
tain  &  debug  s/ware  applies  & 
systms  utilizing  TFD,  UID, 
Passport  Messaging,  Dynamic 
SQL,  C,  Informix,  Unix,  WinNT  & 
Kom  Shell.  Bach  in  Eng,  Math  or 
Comp  Sci  or  its  foreign  academ¬ 
ic  equiv  +  2yrs  exp  in  job  offd. 
Res:  The  Shubert  Organization, 
Inc.,  Attn:  Cathy  Cozens,  234  W 
44th  St,  NY,  NY  10036.  Fax: 
212-944-4569  email: 
cathyc@shubertorg.com 


CHIEF  ARCHITECT/COMP. 

PROGRAM.  MGR 

Des  Plaines.  IL:  Resp.  for  the 
dsgn,  dvlpmnt  &  implementation 
of  co's  new  generation  PrintFlow 
Scheduling  prog.  Specific  duties 
include:  (i)  overseeing  workflow 
analysis,  prog.  dsgn.  arch.  & 
implementation  of  prog.'s  core 
functionality;  (ii)  supervising 
comp,  progrmrs  &  sftwre  engnrs 
in  their  task  of  dsgng  &  imple¬ 
menting  PrintFlow  Scheduling 
prog.;  (iii)  coordinating  integra¬ 
tion  efforts  to  link  co's  new  sys. 
w/3rd  party  dbases,  mfg  mgmt 
sys.  &  shop  floor  data  collection 
progs.;  &  (iv)  directing  &  coordi¬ 
nating  co's  AHP  research  & 
dvlpmnt  activities.  MS  in  Electr. 
Engnrg  or  Comp.  Sci.  reqd  +  2 
yrs  exp.  in  position  offered  or  as 
a  Sr.  Systems  Analyst.  Must 
have:  (1)  exp.  applying  Object- 
Oriented  skills,  including  C/C++, 
Visual  Basic  &  Smalltalk  80  lan¬ 
guages,  to  model  &  simulate 
industrial  processes,  digital 
image  processing  &  on-line  data 
collection  in  printing  &  paper 
industry;  &  (2)  exp.  w/event-dri- 
ven  simulation  sys..  load  balanc¬ 
ing  algorithms,  scheduling  algo¬ 
rithms.  fast  graphic  routines  as 
well  as  stat.  analysis.  40  hrs/wk, 
OT  as  reqd,  8  am  -  5  pm, 
$88,000/yr.  Qualified  applicants 
fax  resume  to  Jackie  Cimino, 
Director,  Human  Resources, 
PrintCafe  Systems,  Inc.  at  (412) 
456-7829. 


SAP  Programmer/Analyst: 
Design,  develop,  test  and  sup¬ 
port  technical  and  functional 
SAP  R/3  applications  in  the 
materials  management,  produc¬ 
tion  planning,  finance,  control¬ 
ling,  sales  and  distribution,  ser¬ 
vice  management  and  quality 
management  modules  of  SAP. 
Apply  knowledge  of  SAP  data 
model  and  business  problems 
and  implement  them  in  SAP 
environment.  Support  and 
develop  electronic  data  inter¬ 
change.  Design  and  develop 
interactive  and  batch  reporting, 
the  ABAp/4  data  dictionary, 
SAPScripts  and  dialog  pro¬ 
grams.  Work  closely  with  Sap 
analysts  and  super  users  within 
the  business  community. 
Design  and  develop  batch  data 
conversion  sessions  on  call 
transactions,  interfaces,  data 
conversion,  correction  and 
transport  system.  Requirements 
include  a  Bachelor's  degree  or 
equivalent  in  an  Engineering 
discipline  or  closely  related  field 
and  three  years  of  work  experi¬ 
ence  in  the  job  offered  or  related 
field  of  ABAP/4  programming. 
Applicants  must  have  unrestrict¬ 
ed  authorization  to  work  in  the 
United  States.  Salary 

$73, 500/year.  40  hours/wk. 

Respond  with  two  copies  of 
resume  to  Case  #200203098, 
Labor  Exchange  Office,  19 
Staniford  St.,  1st  FL,  Boston,  MA 
02114 


DBAs  to  install,  configure/ 
administer  Oracle  database, 
SQL*Net,  Net8;  design  &  devel¬ 
op  appls  using  Oracle,  Dev 
2000,  SQL,  etc;  maintain  &  mon¬ 
itor  backup,  recovery  proce¬ 
dures  and  maintain  database 
security;design,  code  Java2 
Beans  for  Oracle  database 
access;  perform  data  entity 
design  in  Erwin,  web  interface 
design  &  appl  logic  definition. 
Prog.  Analysts  to  analyze,  devel¬ 
op  appls  using  OOAD.Java, 
J2EE,  ASP,  EJB.  XML.  Jscript, 
Active  X,  JFC  Swing,  HTML, etc. 
under  Windows,  UNIX  os;  per¬ 
form  req  analysis;  provide  on 
site  maintenance  such  as 
debug,  modify,  fine  tune  &  code 
optimization.  Require:  BS  or  for¬ 
eign  equiv.  in  CS/Engg.  (any 
branch)  &  2yrs  exp  in  IT.  Comp. 
Salary.  Travel  involved.  F/T. 
Resume  to:  Infilink  Corporation, 
4  Concourse  Parkway,  Ste  270. 
Atlanta,  GA  30328 


Senior  Software  Engineer: 
Independently  generate  busi¬ 
ness  requirements,  develop 
business  processes,  and  per¬ 
form  software  engineering 
development  to  meet  business 
needs.  Support  all  business 
applications  (enterprise  class 
applications,  browser-based 
applications,  client-server  appli¬ 
cations,  and  n-tier  applications), 
and  analyze  business  process 
impact.  Use  knowledge  and 
experience  in  bug  tracking, 
knowledge  management,  and 
customer  relationship  manage¬ 
ment  to  fully  integrate  existing 
business  processes  and  soft¬ 
ware  systems.  Design,  develop, 
and  analyze  reports  that  monitor 
business  process  statistics;  sug¬ 
gest  improvements  based  on 
analysis.  Use  technical  exper¬ 
tise  of  relevant  products  and 
technologies,  including  Visual 
Basic,  C,  C++,  Java,  HTML, 
XML,  Java,  JavaScript,  SQL, 
PL/SQL,  Perl,  CGI,  XML, 
Seagate  Crystal  Reports, 
Amdocs  Clarify,  Rational 
ClearQuest,  Primus.  Oracle, 
SQL  Server,  Windows,  Linux, 
SunOS/Solaris,  UNIX,  MS  Office 
and  MS  Project.  Requirements 
include  a  Master’s  degree  or 
equivalent  in  Computer  Science, 
Information  Technology,  an 
Engineering  discipline  or  related 
field  and  two  years  of  pre-or 
post-degree  work  experience  in 
the  job  offered  or  related  field  of 
software  engineering  using 
HTML  and  Java.  Applicants 
must  have  unrestricted  autho¬ 
rization  to  work  in  the  United 
States.  Salary  $85, 561/year.  40 
hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200203160,  Labor  Exchange 
Office,  19  Staniford  St..  1st  FL, 
Boston,  MA  02114. 


Technical  Support  Engineer 
sought  by  software  develop¬ 
ment,  sales  and  professional 
services  company  in 
Englewood,  CO  to  work  in 
Englewood  and  other  unantici¬ 
pated  job  sites  in  the  U.S.  Under 
close  supervision,  analyze  and 
resolve  code  and  software  appli¬ 
cation  errors  of  Geographic 
Information  Systems  software 
applications.  The  applications 
incorporate  relational  database 
management  systems  and  are 
developed  in  a  client/server 
environment  and  run  on 
Windows  or  Unix  operating  sys¬ 
tems.  Test  new  applications; 
install  and  implement  applica¬ 
tions.  Utilize  object-oriented 
programming  in  resolving  errors 
Provide  phone  and  e-mail  sup¬ 
port  to  customers  to  resolve 
applications  and  system  prob¬ 
lems.  Work  is  closely  moni¬ 
tored.  Requires  bachelor's 
degree  in  computer  information 
systems,  GIS,  or  related  field. 
Working  knowledge  of  software 
applications  which  run  on  Unix 
or  Windows  NT  operating  sys¬ 
tems,  and  of  object-oriented  pro¬ 
gramming  (working  knowledge 
may  be  gained  through  employ¬ 
ment  experience  or  in  an  acade¬ 
mic  setting).  M-F;  8am-5pm; 
$42,000/yr.  Respond  by  resume 
to  Employment  Programs,  PO 
Box  46547,  Denver,  CO  80202 
and  refer  to  CO5057364. 


Java  Programmer  Analyst. 
Provide  technical  computer  sup¬ 
port  and  user  assistance  in 
developing,  operating,  and 
maintaining  all  web  application 
programs  for  all  divisions  of 
Morley  Companies,  Inc;  main¬ 
tain  existing  web  applications; 
and  prepare  program  documen¬ 
tation.  Must  have  Bachelor's  in 
Computer  Science  or  related, 
and  knowledge  of  AS400  plat¬ 
form,  Web  Sphere  Application 
Server,  and  HTTP  server  for 
IBM,  EJB,  Java,  JSP,  & 
Javascript..  Send  resume: 
Morley  Companies,  Inc.,  Attn: 
Richard  Mott,  One  Morley  Plaza. 
Saginaw,  Ml  48603. 


SENIOR  DATABASE  ADMINIS¬ 
TRATOR:  Duties  include:  Apply 
knowledge  of  DB  management 
systems  to:  design  logical  and 
physical  db;  coordinate  physical 
changes  to  db  and  codes:  and 
test,  maintain  and  implement 
physical  db.  Responsible  for  all 
phases  of  db  implementation. 
Duties  and  tasks  include;  assist 
in  the  day-to-day  operation  of 
Oracle  db  systems  in  UNIX 
mainframe  envir.  including  ETL, 
table  creation,  table  analysis, 
table  indexing,  query  creation, 
and  implement  query  and  ETL 
requests  from  internal  staff  ana¬ 
lysts  and  scientists  using 
ACCESS  or  another  db  system; 
Migrate  db  of  size  1 .3  Terabytes; 
setup  OEM  using  3-tier  architec¬ 
ture  (console.  OMS,  repository); 
configure  Intelligent  agent  and 
create  events  /  jobs  for  proac¬ 
tively  monitoring;  implement  var¬ 
ious  Oracle  techn.  and  features 
including  Standby  Database, 
RMAN,  Transportable  table- 
space,  materialized  views,  parti¬ 
tioned  tables,  OEM,  iAS;  write 
Unix  routines  using  ksh,  awk, 
sed.  iostat;  assist  in  writing 
script  to  implement  the  synching 
and  splitting  of  the  BCV  using 
EMC-  Time  Finder  and  Oracle 
Transportable  Tablespace  fea¬ 
ture;  validate,  transform  and 
load  the  XML  file  into  oracle  db 
tables  using  Oracle  XDK  toolkit. 
Min.  Reqt's:  MS  (or  equiv)  in  CS, 
EE,  IT,  MIS  or  related  field  of 
study  plus  2  yrs  exp.  in  job 
offered  or  related  occupation  in 
DBA  development  OR  IN 
ALTERNATIVE  a  BS/BA  (same 
fields  of  study  or  related)  plus  5 
years  of  progressive  experience 
in  job  offered  or  related  occupa¬ 
tion  in  DBA  development.  MUST 
possess;  demonstrated  knowl¬ 
edge  and  experience  with:  (1) 
Development  of  Oracle  data¬ 
base  architecture  in  UNIX  main¬ 
frame  environment;  (2)  SQL. 
PL/SQL  and  SQL  Loader;  (3) 
Installation  and  Configuration  of 
Oracle  iAS,  Oracle  Parallel 
Server;  and  (4)  either  Java  tools 
and  language  or  Java  Web 
Server  is  strongly  preferred  and 
Java  Web  Server.  Basic  pay 
range  is  $80,000  to  $110,000 
per  year  FT  and  standard  com¬ 
pany  benefits.  EEO.  Submit  2 
resumes  in  response  to  Case 
Numbers  2002-03205  &  2002- 
02865,  Labor  Exchange  Office, 
19  Staniford  Street,  1st  floor, 
Boston,  MA  02114. 


Programmer/Analyst  sought  by 
software  development,  sales 
and  services  company  located  in 
Denver,  CO  to  work  in 
Westminster,  CO  and  other 
unanticapted  job  site  in  the  U.S. 
At  a  senior  level,  engage  in  full 
life-cycle  software  development 
of  Geographic  Information 
Systems  software  for  utilities 
and  communications  compa¬ 
nies.  The  software  applications 
are  client/server  based,  incorpo¬ 
rate  relational  database  man¬ 
agement  systems,  and  utilize 
Windows  NT  or  UNIX  operating 
systems.  Analyze  requirements. 
Create  designs  and  design  doc¬ 
umentation.  Code,  test,  debug, 
enhance  and  implement  the 
software  applications.  Complete 
integration  with  customers' 
existing  systems  and  provide 
customer  support  as  needed. 
Use  Java,  C++,  Oracle,  PL/SQL 
and  proprietary  languages  and 
tools  in  the  design  and  develop¬ 
ment  process.  Requires  bache¬ 
lor's  in  computer  science  or 
engineering  (including  electron¬ 
ics  engineering)  or  related  field. 
One  year  experience  in  develop¬ 
ing  software  applications  which 
incorporate  relational  database 
management  systems  in  a 
client/server  environment.  M-F; 
8am  -  5pm;  $60,000/yr. 
Respond  by  resume  to 
Employment  Programs,  PO  Box 
46547,  Denver,  CO  80202  and 
refer  to  CO5057368. 
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What  a  surprise!  Novell  rethinks  itself 


Wow. The  SCO  Group  just 

announced  it  is  dropping  the 
suit  against  IBM  and  refund¬ 
ing  the  money  it  took  in  the  Linux 
license  blackmail  scheme.  And  it 
apologized  for  being  so  annoying 
and  said  Dari  McBride  would  be  dri¬ 
ven  out  of  town  on  a  rail  after  being 
tarred  and  feathered. 

Nahjust  kidding. 

But  although  nothing  quite  that  surprising  has 
happened,  I’d  say  that  Novell’s  recent  love  affair 
with  Linux  is  pretty  remarkable.The  bottom  line  is 
Novell  has  committed  to  delivering  NetWare  ser¬ 
vices  to  run  on  top  of  Linux. 

Novell  hasn’t  declared  what  will  happen  to  its 
NetWare  operating  system  in  the  long  term, 
although  Vice  Chairman  Chris  Stone  said  in  a 
recent  interview  that  “The  NetWare  OS  will  go  on 
forever ....  OSes  never  die.” 

But  Stone  also  referred  to  the  NetWare  operating 
system  going  into  “maintenance  mode” —  a  round¬ 
about  way  of  saying  it  will  be  supported  but  not 
developed  further.  If  that’s  not  death  perhaps  it  would 
be  better  to  think  of  it  as  suspended  animation. 

Operating  systems  might  well  never  die  but  they 
do  fossilize. Technologies  evolve  through  generations 
of  systems  and  the  older  generations  become  less 


relevant  and  less  valuable  as  they  are  superseded. 
This  will  be  NetWare’s  fate  as  it  has  been  the  fate  of 
MS  DOS,  DR  DOS,  PICK,  RSX-1 1M  and  Minix,  just  as  it 
is  becoming  the  fate  of  Windows  NT. 

You  see,  we’ve  gone  far  beyond  the  days  when  we 
were  blown  away  by  server  operating  systems  that 
were  miraculous  simply  because  they  could  open 
a  file  and  lock  it.  Now  we  never  consider  file  ser¬ 
vice  to  be  a  big  deal.  No,  now  we  expect  things 
such  as  journaling  and  advanced  security  and 
encryption. 

What  we  think  a  server  operating  system  should 
do  has  changed  considerably  over  the  years.  What 
matters  are  the  high-level  services  and  systems  that 
provide  management  infrastructure.  All  the  old  fea¬ 
tures  have  become  commodities.  Indeed,  operating 
systems  in  general  are  simply  commodities  provid¬ 
ing  insulation  from  the  hardware  and  the  basic  ser¬ 
vices  that  applications  need. 

So  does  it  matter  that  the  NetWare  operating  sys¬ 
tem  ultimately  will  become  part  of  history?  No.  1 
know  some  of  you  will  shudder  and  complain  bit¬ 
terly  at  the  thought  of  losing  the  operating  system 
part  of  NetWare. You  most  likely  see  it  as  intrinsic  to 
your  network  strategy.  Unfortunately,  your  reluc¬ 
tance  to  accept  and  embrace  change  simply  is 
fighting  against  the  inexorable  forces  of  econom¬ 
ics,  nothing  more. You  can’t  win. 


But  Novell  won’t  immediately  dump  the  NetWare 
operating  system. The  next  version,  NetWare  7,  is 
planned  to  run  on  top  of  both  the  NetWare  operat¬ 
ing  system  and  Linux  for  what  1  suspect  are  mainly 
marketing  reasons. That  said,  Novell  could  surprise 
us  and  go  wholeheartedly  for  a  Linux  foundation 
sooner  rather  than  later. 

Moving  NetWare  services  to  the  Linux  platform  is 
interesting  for  many  reasons.  First  of  all,  unlike  propri¬ 
etary  server  operating  systems  such  as  Windows,  Li¬ 
nux  can  be  verified  to  be  secure. The  endless  list  of 
security  holes  ultimately  could  spell  the  death  of 
Windows. 

Secondly,  adopting  Linux  lets  Novell  focus  on  the 
bigger  and  more  profitable  goal  of  delivering  ser¬ 
vice  value  rather  than  having  to  do  all  the  operat¬ 
ing  system  engineering  that  went  into  NetWare. 

Thanks  to  Novell’s  commitment  to  Linux  and 
Mono  (an  open  source  version  of  Microsoft’s  .Net 
platform),  a  lot  of  people  are  going  to  be  feeling 
good  about  the  company,  which  will  go  a  long  way 
to  reviving  interest  in  its  products. 

So,  from  what  1  see  through  these  initiatives,  Novell 
is  likely  to  surprise  us  and  finally  reinvent  and  redis¬ 
cover  itself. The  result  could  prove  to  be  profitable 
for  the  company  and  profound  for  the  market. 

Rethink  your  position  to  backspin@gibbs.com. 
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By  Paul  McNamara 


They  won't  take  his  money 

Who  can  afford  to  turn  away  paying 
customers  in  this  economy? 

Apparently  Microsoft  can,  at  least  according  to  the  protagonist  of  today's  head- 
scratcher  of  a  tale. 

Two  years  ago,  our  fellow  was  pleased  to  pay  Microsoft  Hotmail  an  introductory 
rate  of  $12.95  for  a  year's  worth  of  extra  storage  and  relaxed  limits  on  attachment 
sizes.That’s  an  awfully  sweet  deal  on  what  is  otherwise  a  free  e-mail  account. 

Turns  out  he  didn’t  need  the  extra  space,  though,  so  our  man  — Tim  is  his  name 
—  let  the  paid  portion  of  his  account  lapse.  (Tim's  a  former  vice  president  at  a 
network  vendor  and  doesn't  want  to  trash  Microsoft  using  his  full  name  while  he's 
job-hunting.)That  decision  left  active  only  the  freebie  Hotmail  address,  which  he 
has  circulated  to  hundreds  of  friends  and  business  contacts  over  the  years. 

Tim  subsequently  lost  his  job  —  and  his  corporate  e-mail  account,  of  course  — 
so  the  trusty  Hotmail  address  became  his  lifeline  to  the  online  world  . . .  and  the 
premium  service  once  again  seemed  appealing. 

Even  though  the  price  is  now  $19.95, Tim  is  more  than  willing  to  pay.  And  why 
not?  It’s  still  a  steal. 

Trouble  is,  Microsoft  doesn’t  want  his  money  —  at  least  not  on  terms  Tim  can 
accept  —  and  finding  out  exactly  why  has  proven  difficult. 

"I  reached  Microsoft  support  fairly  easily,  but  I  was  told  that  because  I  had  pre¬ 
viously  subscribed  to  the  $12.95-per-annum  service  I  was  no  longer  eligible  to 
purchase  additional  storage  for  this  account  —  ever, "Tim  tells  me.  "Skeptically,  I 
requested  to  speak  to  a  manager,  who  promptly  took  my  call.  Amazingly,  she 
confirmed  the  same  story  —  Microsoft's  policy  is  that  any  account  that  took 
advantage  of  the  initial  pilot  price  of  $12.95  is  forever  ineligible  to  purchase 
added  storage  for  any  price.  Presumably,  the  success  of  the  service  at  $12.95 
was  sufficiently  high  that  Microsoft  thought  that  the  market  would  bear  $19.95  — 


this  would  suggest  that  I’m  not  alone  in  enjoying  this  problem." 

What  it  doesn't  suggest  is  an  explanation  for  Microsoft’s  unwillingness  to  both 
restartTim’s  premium  service  and  resume  cashing  his  checks. 

Oh,  he  was  told  that  he  could  get  extra  storage  if  he  was  willing  to  open  a  new 
Hotmail  account,  but  that  option  would  mean  a  new  address  and  all  of  its  atten¬ 
dant  hassles.  AsTim  notes,  “This  is  the  reason  that  Congress  just  mandated 
wireless  service  providers  to  invest  billions  of  dollars  in  infrastructure  to  support 
wireless  number  portability." 

His  efforts  to  get  a  fuller  explanation  proved  futile,  as  Hotmail’s  complaint- 
escalation  process  apparently  ends  far  short  of  anyone  who  actually  could  tell 
him  why  he  was  out  of  luck. ...  So  I  tried. 

"We’re  not  aware  of  any  technical  issues  that  currently  exist  with  the  sign-up 
procedure  that  would  affect  a  customer  trying  to  reestablish  their  extra  stor¬ 
age  service,"  a  Microsoft  spokesman  said. 

Tim  and  the  Hotmail  support  people  beg  to  differ. 

“So,  here  I  sit —  Microsoft  refuses  to  sell  me  additional  storage  for  this  account, 
they  can't  tell  me  why  it  is  impossible  . . .  and  they  cannot/will  not  contact  me 
directly, "Tim  says.  “This  sure  doesn’t  sound  like  a  company  that  is  trying  to  earn 
my  business;  it  seems  much  more  like  the  behavior  of  AT&T  before  divestiture." 

Of  course,  when  you're  the  world’s  richest  software  company - 

You  can  still  read  it 

A  few  of  you  reported  having  difficulty  finding  the  “story”  —  headlined  “48-hour 
Internet  outage  plunges  nation  into  productivity"  —  that  I  recommended  you  read 
on  the  humor  siteThe  Onion.  Sorry  about  that. 

If  you're  still  interested  —  and  trust  me,  it’s  worth  the  trip  —  try  www.nwfu 
sion.com,  DocFinder:  8045. 

Comment ?  Tale  of  woe?  Humor  site  recommendation?  The  address  is 
buzz@nww.com. 
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that  runs  on  industry-standard 
server  clusters,  and  uses  objects  to 
track  and  store  content-address¬ 
able  and  other  data,  and  make 
chunks  of  it  readily  available. 

All  four  are  focusing  on  hash- 
based  or  object-oriented  stor¬ 
age.  in  which  data  is  stored 
based  on  its  contents  rather  than 
its  location  or  a  specific  data 
block. 

In  object-oriented  storage, 
each  piece  of  data  is  represent¬ 
ed  as  an  object  and  automatical¬ 
ly  is  assigned  a  unique  digital 
identifier  or  fingerprint,  which  is 
used  to  retrieve  it.  The  finger¬ 
print,  which  a  hash  algorithm 
creates,  is  used  not  only  to 
retrieve  the  object,  irrespective 
of  its  location  and  placement  on 
tape  or  spinning  disk,  but  also  to 
maintain  the  integrity  of  the  data 
against  changes  or  deletion. 
Often  called  metadata,  the  fin¬ 
gerprint  tracks  the  data’s  loca¬ 
tion,  so  that  it  can  be  retrieved 
quickly  and  so  that  related  data 
objects,  such  as  X-rays  and  test 
results  for  a  patient,  can  be  cor¬ 
related  and  retrieved  coherently. 

For  instance,  multiple  X-rays  and 
diagnostic  test  results  for  a  patient 
could  be  stored  as  individual 
objects,  which  could  be  retrieved 
together  by  searching  on  the 
employee’s  name  or  Social 
Security  number. 

Other  companies  also  are  going 
after  this  market  for  quickly 
accessing  primary  or  secondary 
data.  EMC’s  hardware  and 
software-based  Centera  system 
focuses  on  storing  what  is  called 
content-addressable  storage  — 
data  that  doesn’t  change  and 
needs  to  be  retained  for  a  long 
period  of  time.  Network  Ap¬ 
pliance’s  NearStore  appliance 
and  SnapLock  software  store  data 
in  regulation-compliant  mode. 
Start-up  Avamar  focuses  on  back¬ 
ing  up  and  retrieving  object- 
based  data.  And  start-up  Persist 
Technologies’  AppStor  software  is 
designed  to  archive  object-tagged 
e-mail  records. 

The  market  is  ripe,  analysts 
say  * 

“There’s  a  push  that  would  * 
Miggest  that  moving  out  of 
nt-addressable  storage  to 
'  j  nased  storage  is  a  more 
*  c  ale  play,”  says  Steve 
/on,  a  senior  analyst  with 
Storage  Group.  “End 
o  have  object-orient- 
*  1  *  that  can  focus  not 

or  •  .  ,  cations  like  e-mail 

or  1  also  CAD  files, 

d i t' ,'rv . .  o  i :  i etc* 


Permabit’s  clustered  storage 


Permabit’s  architecture  is  similar  to  those  of  Cluster  File  Systems  and  Reference  Information 

Systems.  A  __________  _ 


Data  sources  for  Permabit  to  manage  may  be  back-up  servers,  application  servers,  mail  servers  or  file  servers. 


Mail  server 


Back-up  server 


31 


Permeon  portal 

: 
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Application  servers 

31 

Permeon  portal 
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Portal  software  runs  nativety 
on  application  servers  or  on 
blade-server  gateways 
attached  to  the  application 
servers,  and  creates  objects 
for  each  data  bit  generated. 
Data  flows  from  the 
application  server  to  the 
Permeon  server  cluster. 


Permabit’s  Permeon  software  is 
installed  on  a  cluster  of  industry- 
standard  Intel  servers  equipped 
with  as  much  as  40  terabytes  of 
storage.  The  cluster  communi¬ 
cates  with  Permeon  portal  soft¬ 
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ware,  which  runs  native  on  appli¬ 
cation  servers  in  the  network  or 
on  blade-server  gateway  comput¬ 
ers  positioned  so  they  provide 
access  to  application  servers. 

The  portal  software  then  breaks 
data  into  information  objects  and 
uses  TCP/IP  to  communicate  it  to 
the  cluster. The  servers  in  the  clus¬ 
ter  route,  store  and  replicate  the 
data  blocks  as  needed.  Users  can 
see  the  data  via  the  Common  In¬ 
formation  File  System  or  Network 
File  System  interface  used  in  net- 
work-attached  and  file  server- 
based  storage. 


«  u  s  / 


Teleworker  ~  s 

tantrums 

Remote  support  lines  ringing  off  the  hook?  Teleworkers 
—  and  their  tech  problems  —  need  special  handling.  Turn 
to  Net.Worker  for  tips  and  advice  to  get  the  job  done. 

Log  on  to  www.nwfusion.com/net.worker/ 


www.nwfusion.com/net.worker/ 


Software  running  on  the 
cluster  manages,  routes, 
stores  and  replicates  the 
objects  so  data  can  be  found. 
Because  the  servers  are 
clustered,  if  a  failure  occurs 
or  if  new  storage  capacity  is 
added,  the  cluster 
automatically  adjusts. 


Permeon  cluster  and  storage 


Bob  McKie, systems  manager  for 
the  Surgical  Planning  Laboratory 
at  Brigham  and  Women’s  Hospital 
in  Boston,  is  implementing  Perma¬ 
bit’s  clustered  software  to  protect 
his  secondary  storage,  which  is 


made  up  of  diagnostic  images, 
each  of  which  could  be  as  large 
as  100  megabytes. 

“We  have  two  portals  and  five 
storage  units  for  storing  two  tera¬ 
bytes  of  storage,”  McKie  says.“We 
are  looking  at  Permabit  for  sec¬ 
ondary,  modular  storage  to  pro¬ 
tect  our  primary  storage. The  pri¬ 
mary  data  is  such  that  it  needs  to 
be  kept  for  a  while,  and  since 
research  results  are  based  on  it,  it 
needs  to  be  safe  and  be  possible 
to  reproduce  if  it’s  accidentally 
deleted  from  primary  storage.” 

McKie  says  he  put  in  Permabit 


to  protect  his  repository  of  sec¬ 
ondary  medical-image  data  after 
Brigham  and  Women’s  suffered 
water  damage  from  a  burst  pipe 
at  its  primary  storage. 

In  Cluster  File  Systems’  open 
source  Lustre  File  System,  the 
clustered  file  system  is  separated 
from  the  actual  storage  of  the 
object.  Client  software  communi¬ 
cates  with  a  Linux  cluster  of 
metadata  servers  and  Linux  stor¬ 
age  servers  called  object  storage 
targets,  which  are  attached  to  tra¬ 
ditional  storage  arrays.The  meta¬ 
data  servers,  which  manage  and 
create  files,  communicate  with 
the  object  storage  targets,  which 
in  turn  communicate  with  client 
computers  and  the  physical  stor¬ 
age  devices  to  access  data. 

Sources  say  that  there  are  other 
companies,  including  Panasas 
and  R1S,  that  will  introduce  prod¬ 
ucts  in  the  next  few  months. 
Panasas  is  building  Linux  clusters 
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and  an  object-oriented  file  system 
in  which  file  data  moves  from 
centrally  shared  storage  onto 
local  disks,  where  it  is  then  divid¬ 
ed  among  the  compute  nodes  for 
processing  and  finally  sent  back 
to  shared  storage.  RIS  is  building 
cluster-based  archives  for  digital 
data.  Panasas  and  RIS  declined  to 
comment. 

Industry  groups  such  as  the 
Storage  Networking  Industry 
Association  (SNIA)  and  the 
American  National  Standards 
Institute  (ANSI)  also  say  they  are 
hoping  to  capitalize  on  object- 
oriented  storage.  SNIA  has 
formed  a  committee  to  investi¬ 
gate  the  technology;  it  is  working 
on  a  specification  with  the 
Object-Based  Storage  Device 
working  group  within  the  ANSI’s 
T10  SCSI  Storage  Interfaces 
Group.  EMC,  HR  IBM,  Intel, 
Seagate  and  Veritas  Software  are 
members  of  this  group. 

Permabit  says  its  product,  while 
similar  to  EMC’s  Centera, 
Hitachi’s  Open  LDEV  Guard  and 
Network  Appliance’s  Snaplock 
software,  is  less  expensive  and 
more  reliable.  Permeon  will  be 
available  this  month  starting  at 
$40,000  for  a  two-terabyte  con¬ 
figuration.  By  contrast,  EMC’s 
Centera  starts  at  $205,000  for  five 
terabytes. 

Cluster  File  Systems’  Lustre  is 
being  used  by  DataDirect  Net¬ 
works,  HP  Lawrence  Livermore 
National  Laboratory  and  the 
Pacific  Northwest  National  Labor¬ 
atory,  the  company  says.  It  is  ex¬ 
pected  to  be  available  late  this 
year  at  no  charge  from  www. 
lustre.org.  ■ 
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